Evaluation to Classify Ransomware Variants based on Correlations between APIs

Jiaxing Zhou, Miyuki Hirose, Yoshio Kakizaki, Atsuo Inomata

Abstract

Research into ransomware subspecies classification is ongoing in many organizations, but extracting feature quantities from specimens is proving difficult and the accuracy achieved thus far remains unsatisfactory. In this paper, we propose a method that classifies subspecies using the correlation coefficients between API groups, calculated from Application Programming Interface (API) frequencies, as the feature quantities of a Support Vector Machine (SVM). The motivation for using the correlation coefficient between API groups as the feature quantity is that different ransomware families have different behavior patterns, which can be reflected by the correlation between API groups. Based on the results of an evaluation experiment, we found that the accuracy of the proposed method was 98%, proving that the subspecies were classified correctly. In addition, an analysis of API contributions determined that each API contributes differently to classifying ransomware families.

Paper Citation


in Harvard Style

Zhou J., Hirose M., Kakizaki Y. and Inomata A. (2020). Evaluation to Classify Ransomware Variants based on Correlations between APIs. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 465-472. DOI: 10.5220/0008959904650472


in Bibtex Style

@conference{icissp20,
author={Jiaxing Zhou and Miyuki Hirose and Yoshio Kakizaki and Atsuo Inomata},
title={Evaluation to Classify Ransomware Variants based on Correlations between APIs},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={465-472},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008959904650472},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Evaluation to Classify Ransomware Variants based on Correlations between APIs
SN - 978-989-758-399-5
AU - Zhou J.
AU - Hirose M.
AU - Kakizaki Y.
AU - Inomata A.
PY - 2020
SP - 465
EP - 472
DO - 10.5220/0008959904650472