Mitigating adversarial evasion attacks of ransomware using ensemble learning

Abstract

Ransomware continues to pose a significant threat to cybersecurity by extorting money from users by locking their devices and personal data. The attackers force the payment of a ransom in order to restore access to personal files. Because of the structural similarity, detection of ransomware and benign applications becomes vulnerable to evasion attacks. Ensemble learning can provide countermeasures, while attackers can use the same technique to improve the effectiveness of their respective attacks. This motivates us to investigate whether the distinct ensemble method can achieve better performance when combined with the voting-based method. This research proposes a hybrid approach that examines permissions, text, and network-based features both statically and dynamically by monitoring memory usage, system call logs, and CPU usage. Ensemble machine learning analyzers on static and dynamic features extracted from Android malware applications (ransomware and non-ransomware) are then trained in the designed model. Our experimental results show that the proposed ensemble classification and detection technique can classify unknown static and dynamic ransomware behavior to mitigate adversarial evasion attacks.