Browsing by Author "Asiri, Alhussain"
Item Unknown Ransomware between proactive using detection lab and reactive using machine learning
(Alhussain Asiri, 2023-08-01) Asiri, Alhussain; Arabo, Abdullahi

Ransomware is a type of malware attack that encrypts a victim's data to enable attackers to demand payment to restore access. As the frequency of ransomware attacks increases in sophistication and frequency, the effective detection and prevention of this type of attack are crucial to the mitigation of the impact of ransomware. Machine learning and dynamic analysis are approaches for detecting and classifying ransomware based on the behavior and characteristics of files and programs. The present study aimed to compare the effectiveness of machine learning and dynamic analysis in detecting ransomware systems. Accordingly, the researcher used various approaches to the examination of this problem. The detection lab involved the creation and connection of hosts in a virtual environment and infecting them with ransomware delivered through the macros of a Microsoft Word file. By contrast, the machine learning-based ransomware detection technique used data to train models and algorithms to detect ransomware in computer networks. The results of the analysis suggest that both machine learning and dynamic analysis are effective in detecting ransomware. However, dynamic analysis is more effective because it can identify novel ransomware by emphasizing the behavior and characteristics of ransomware. Machine learning-based ransomware detection is effective, but the need for datasets to train models and algorithms limits its application in the detection of new ransomware. Therefore, the use of machine learning and dynamic analysis for ransomware detection shows excellent results, with high accuracy rates in detecting the attackers, but the effectiveness of machine learning models depends on the availability, quality, and quantity of data used for the training and evaluation of a system. Furthermore, the choice of the parameters for ransomware detection affects the accuracy of machine learning models. The use of a detection lab offers a more realistic and controlled approach to ransomware detection, and it offers a mechanism for receiving real-time alerts to enable cybersecurity analysts to take action quickly, reducing the impact of ransomware attacks on organizations.