Ransomware Malware Detection Based on API Calls Using N-gram and TF-IDF Feature Extraction

Hartinah Hartinah, Ady Wahyudi Paundu, Amil Ahmad Ilham

Abstract


Ransomware merupakan ancaman malware yang paling menakutkan saat ini karena memiliki kemampuan mengenkripsi data, selain itu jumlah serangan ransomware yang terus meningkat mengakibatkan kerugian yang tidak sedikit. Penanganan atas serangan ini semakin sulit dilakukan dikarenakan varian ransomware yang terus berkembang. Dibutuhkan suatu sistem yang mampu mendeteksi ransomware bahkan untuk varian ransomware terbaru. Melalui penelitian ini kami membuat suatu sistem yang mampu mendeteksi ransomware dan normalware menggunakan metode machine learning dengan memanfaatkan data panggilan API dari ransomware dan normalware. Pada penelitian ini kami hanya melakukan binary classification untuk semua varian ransomware yang terdeteksi. Proses ekstraksi fitur terlebih dilakukan dengan metode N-gram dan TF-IDF pada panggilan API untuk membentuk subset fitur yang digunakan dalam proses pembelajaran model. Pembuatan model deteksi dilakukan dengan melatih data panggilan API dari beberapa varian ransomware. Pengujian model dilakukan baik terhadap varian ransomware yang sudah dilatih sebelumnya maupun varian ransomware diluar data latih. Proses pembelajaran model dilakukan untuk mencari kesamaan fitur dari data panggilan API berbagai varian ransomware pada data latih, kesamaan fitur ini akan dimanfaatkan untuk mendeteksi varian lain dari ransomware diluar data latih. Hasil penelitian menunjukkan bahwa akurasi rata-rata model terhadap varian ransomware dalam data latih adalah 94% dengan skor error rate tertinggi 10%. Adapun hasil deteksi ransomware untuk varian diluar data latih menunjukkan akurasi rata-rata 83% dengan skor error rate tertinggi 30%. Sehingga dengan demikian model yang dibuat pada penelitian ini dapat digunakan untuk mendeteksi ransomware meskipun varian dari ransomware mengalami perkembangan.
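To make the pipeline in the abstract concrete, the following is an added example (not code from the paper or its authors) of the feature-extraction step: API-call sequences are turned into unigram and bigram terms, weighted with smoothed TF-IDF, and fed to a minimal nearest-centroid binary classifier (the paper does not say which learning algorithm it uses; the centroid classifier here is an assumption chosen for self-containment). The API-call traces are constructed toy data, not real sandbox output, and the accuracy/error-rate helper mirrors the metrics the abstract reports.

```python
"""N-gram + TF-IDF features over API-call sequences with a nearest-centroid
binary classifier (ransomware = 1, normalware = 0). Added illustration;
all traces below are constructed, not captured from real samples."""
import math
from collections import Counter

# Constructed toy traces: ordered API names as a sandbox might log them.
TRAIN = [
    (["FindFirstFileW", "FindNextFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile", "MoveFileW"], 1),
    (["FindFirstFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFileW", "FindNextFileW"], 1),
    (["CryptGenKey", "FindFirstFileW", "CreateFileW", "CryptEncrypt", "WriteFile", "FindNextFileW"], 1),
    (["CreateFileW", "ReadFile", "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW"], 0),
    (["LoadLibraryW", "GetProcAddress", "CreateWindowExW", "ShowWindow", "GetMessageW"], 0),
    (["CreateFileW", "WriteFile", "CloseHandle", "GetSystemTimeAsFileTime"], 0),
]


def ngrams(seq, n):
    """All contiguous n-grams of an API sequence, joined with '|' into one term."""
    return ["|".join(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def featurize(seq, n_max=2):
    """Raw term frequencies of all 1..n_max-grams of one trace."""
    tf = Counter()
    for n in range(1, n_max + 1):
        tf.update(ngrams(seq, n))
    return tf


def fit_idf(docs):
    """Smoothed inverse document frequency: log((1+N)/(1+df)) + 1 per term."""
    n_docs = len(docs)
    df = Counter()
    for doc in docs:
        df.update(doc.keys())          # each term counted once per document
    return {t: math.log((1 + n_docs) / (1 + df[t])) + 1.0 for t in df}


def tfidf(doc, idf):
    """L2-normalised TF-IDF vector; terms unseen in training are dropped."""
    vec = {t: tf * idf[t] for t, tf in doc.items() if t in idf}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {t: v / norm for t, v in vec.items()}


def cosine(a, b):
    """Dot product of two L2-normalised sparse vectors (= cosine similarity)."""
    return sum(v * b.get(t, 0.0) for t, v in a.items())


def train(samples, n_max=2):
    """Fit IDF on the training traces and build one mean vector per class."""
    docs = [featurize(seq, n_max) for seq, _ in samples]
    idf = fit_idf(docs)
    vecs = [tfidf(doc, idf) for doc in docs]
    centroids = {}
    for label in (0, 1):
        members = [v for v, (_, y) in zip(vecs, samples) if y == label]
        total = Counter()
        for v in members:
            total.update(v)            # Counter.update sums float values
        centroids[label] = {t: x / len(members) for t, x in total.items()}
    return {"idf": idf, "centroids": centroids, "n_max": n_max}


def predict(model, seq):
    """Return (label, per-class similarity). A trace sharing no n-gram with
    the training vocabulary scores 0 for both classes and falls back to 0."""
    vec = tfidf(featurize(seq, model["n_max"]), model["idf"])
    scores = {label: cosine(vec, c) for label, c in model["centroids"].items()}
    return max(scores, key=scores.get), scores


def evaluate(model, samples):
    """Accuracy and error rate, the two figures the abstract reports."""
    correct = sum(predict(model, seq)[0] == y for seq, y in samples)
    accuracy = correct / len(samples)
    return {"accuracy": accuracy, "error_rate": 1.0 - accuracy}


if __name__ == "__main__":
    model = train(TRAIN)
    # A constructed "unseen variant": same enumerate-read-encrypt-write motif.
    unseen = ["FindFirstFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile"]
    print(predict(model, unseen))
    print(evaluate(model, TRAIN))
```

The bigram terms are what let the model generalise across variants: a trace that shares the `ReadFile|CryptEncrypt` and `CryptEncrypt|WriteFile` transitions scores close to the ransomware centroid even when its exact call list differs from every training trace. Raising `n_max` makes terms more specific but rarer, which is the usual trade-off when tuning this kind of detector.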


Keywords


Ransomware; Panggilan API; Machine Learning; Binary Classification; N-gram; TF-IDF

DOI: http://dx.doi.org/10.26418/jp.v9i1.58721