DS Journal of Cyber Security (DS-CYS)

Research Article | Open Access

Volume 1 | Issue 1 | Year 2023 | Article Id: CYS-V1I1P103 | DOI: https://doi.org/10.59232/CYS-V1I1P103

STAR-D: Multiclass SVM-Based Smart TV Attack Ransomware Detection via DLL/API File Features

M. Thangamani

Received: 24 May 2023 | Revised: 05 Jun 2023 | Accepted: 19 Jun 2023 | Published: 05 Jul 2023

Citation

M. Thangamani. “STAR-D: Multiclass SVM-Based Smart TV Attack Ransomware Detection via DLL/API File Features.” DS Journal of Cyber Security, vol. 1, no. 1, pp. 28-38, 2023.

Abstract

Recent ransomware attacks have been costly because of the harm and disruption they cause across sectors including health, industry, business, education and insurance. Outbreaks such as WannaCry and NotPetya have dispelled the idea that a backup alone can guard against an attacker stealing an organisation's digital data. Numerous malware detection techniques have been proposed to identify various malware families, but the problem remains unresolved because malware keeps evolving. This study proposes a novel Smart TV Attack Ransomware Detection (STAR-D) method based on a multiclass SVM and DLL/Application Programming Interface (API) file features. In this framework, machine learning is used to examine ransomware at several levels, including its Dynamic Link Libraries (DLLs) and APIs. Term Frequency and Inverse Document Frequency (TF-IDF) is used to process the raw data from the malware and the smart TV into the final feature sets. These features are then given to a multiclass SVM as inputs to classify the attack. Although a general-purpose computer could be used, the method employs the Apache Spark computing environment for faster processing. Accuracy, specificity, sensitivity, precision and F1 score are used to evaluate the proposed model. The proposed approach outperforms Naive Bayes, Random Forest, and Decision Tree in overall accuracy by 0.82%, 1.32%, and 3.57%, respectively.

Keywords

Ransomware detection, Reverse engineering, Machine Learning, Dynamic Link Library, Application Programming Interface (API).
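The pipeline the abstract outlines (DLL/API names, TF-IDF weighting, multiclass SVM), as an added example that is not the paper's code. The samples, the class labels (`crypto`, `locker`, `benign`), the one-vs-rest linear SVM and its hyperparameters are assumptions, and it runs on a single machine rather than Apache Spark.

```python
import math
from collections import Counter
# Constructed samples (not from the paper): DLL/API names seen in a file, plus a label.
TRAIN = [
    ("kernel32.dll CryptEncrypt CryptGenKey FindFirstFileW FindNextFileW DeleteFileW", "crypto"),
    ("advapi32.dll CryptEncrypt CryptAcquireContextW FindNextFileW MoveFileExW", "crypto"),
    ("user32.dll SetWindowsHookExW BlockInput SystemParametersInfoW CreateDesktopW", "locker"),
    ("user32.dll BlockInput SetWindowsHookExW ShowWindow CreateDesktopW", "locker"),
    ("kernel32.dll CreateFileW ReadFile GetSystemTime user32.dll ShowWindow", "benign"),
    ("kernel32.dll ReadFile CloseHandle GetSystemTime RegQueryValueExW", "benign"),
]

def fit_idf(docs):
    # Smoothed inverse document frequency: names common to many files weigh less.
    df = Counter(tok for d in docs for tok in set(d.lower().split()))
    return {t: math.log((1 + len(docs)) / (1 + n)) + 1 for t, n in df.items()}

def tfidf(doc, idf):
    # L2-normalised TF-IDF vector; tokens never seen in training are dropped.
    tf = Counter(t for t in doc.lower().split() if t in idf)
    vec = {t: n * idf[t] for t, n in tf.items()}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {t: v / norm for t, v in vec.items()}

def train_binary(X, y, lr=0.1, lam=0.01, epochs=200):
    # Linear SVM: subgradient descent on the L2-regularised hinge loss.
    w, b = Counter(), 0.0
    for _ in range(epochs):
        for x, yi in zip(X, y):
            margin = yi * (sum(w[t] * v for t, v in x.items()) + b)
            for t in w:
                w[t] *= 1 - lr * lam          # weight decay (regulariser)
            if margin < 1:                    # inside the margin: push away
                for t, v in x.items():
                    w[t] += lr * yi * v
                b += lr * yi
    return w, b

def train_ovr(samples):
    # One-vs-rest: one binary SVM per class over a shared TF-IDF vocabulary.
    docs, labels = zip(*samples)
    idf = fit_idf(docs)
    X = [tfidf(d, idf) for d in docs]
    return idf, {c: train_binary(X, [1 if l == c else -1 for l in labels]) for c in set(labels)}

def classify(doc, idf, models):
    # Predict the class whose SVM gives the highest decision score.
    x = tfidf(doc, idf)
    score = lambda c: sum(models[c][0][t] * v for t, v in x.items()) + models[c][1]
    return max(models, key=score)
```

Call `idf, models = train_ovr(TRAIN)` once, then `classify(names, idf, models)` on the space-separated DLL/API names extracted from a new file.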
