Enhancing Cybersecurity: Ransomware Detection - A Proof of Concept Study

Abstract

Presently, our digital landscape faces a pervasive onslaught of diverse cyber threats, encompassing distributed denial of service (DDoS), phishing, ransomware, and smishing, all orchestrated with malicious intent. Counteracting these malicious incursions poses a formidable challenge, particularly in devising efficacious detection solutions. Ransomware incidents are on the ascent, particularly within critical sectors such as healthcare, finance, and telecommunications. Consequently, this paper introduces a proof of concept (POC) aimed at detecting ransomware activities targeting Internet of Medical Things (IoMT) devices. The primary objective of this paper revolves around the identification and evaluation of factors correlating with ransomware attacks on IoMT and then developing a ransomware detector. The experimental framework involves the utilization of a simulated environment mirroring real-world IoMT devices and networks. The methodology integrates diverse approaches, encompassing data collection from IoMT devices, analysis of ransomware behaviour through the study of encryption patterns, and anomaly detection. The POC assesses the efficacy of these methodologies in detecting and responding to ransomware threats, with the experimentation conducted through hybrid analysis within a controlled laboratory setting. The dataset consists of 13 families with a total malware of 9251 taken from GitHub. For POC, a total of 3459 ransomware dataset samples have been selected. As a result of the experiment, thirteen (13) distinct features have been identified as trigger factors for ransomware attacks. These features are obtained by capturing of the processes initiated by the ransomware samples using a process monitor (procmon). A temporal pattern of the processes which include the file system, API, and access based on their frequency of occurrence were used to develop a ransomware detection model. The proposed approach achieved an accuracy of 99.2% and an error rate of 0.8 %, when evaluated on temporal pattern dataset and by using an enhanced artificial neural network (EANN).