
ABSTRACT


Ransomware analysis is a critical part of cybersecurity defense. The number of ransomware attacks has increased in recent years, affecting sectors that include health care, education, finance and banking, and e-commerce. A wide range of work has used static and dynamic analysis of malware to establish its distinguishing characteristics. Binary-code bit-vector analysis [8], hashing, string extraction, control-flow-graph-based analysis [7], n-gram analysis [10] and PE header analysis [8][10] are static techniques that researchers have used to study malware behavior. Whatever the technique, most of them involve analysis of the Portable Executable (PE) file of the malware. In this paper we propose a PE file analysis technique to study the behavior and characteristics of ransomware. We use the open-source PEview program [2] to analyze the PE file of a ransomware sample in an isolated virtual environment, and an open-source PE parser [5] to enumerate the DLLs the ransomware imports. The experiment shows that the static behaviors of the ransomware can be compiled into a feature database for further analysis, such as machine-learning classification to detect ransomware. Feature vectors of both benign and ransomware samples can be built to train the machine-learning model and improve the detection rate.
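The abstract describes the two steps the paper relies on: walking a sample's PE import table to recover the DLLs and functions it uses, and turning those into a feature vector for a classifier. The following added example (written for this page; it is not PEview, not the PE parser cited as [5], and not code from the paper) implements both steps directly on the PE format with the standard library. Because real ransomware cannot be embedded here, the block constructs its own minimal PE32 image containing only an import table; the DLL and API names in it, the `build_sample_pe`/`parse_imports`/`feature_vector` function names, and the `VOCAB` list are all assumptions chosen for illustration. It also handles two edge cases a practitioner meets in the field: imports by ordinal (no name to extract) and an import directory whose RVA is not backed by any section, which the parser rejects instead of reading out of bounds.

```python
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1  # index of the import table in the optional header's data directory


def _cstr(data, off):
    """Read a NUL-terminated ASCII string at file offset `off`."""
    return data[off:data.index(b"\x00", off)].decode("ascii", "replace")


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section table; an unmapped RVA is an error, not a read."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_imports(data):
    """Return {dll (lowercase): [imported symbol, ...]} for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories begin 96 bytes into the optional header
        pe32plus, dd_off = False, opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in (ImageBase is 8 bytes wide)
        pe32plus, dd_off = True, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    import_rva = struct.unpack_from("<I", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)[0]
    sections = []
    for i in range(num_sections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + size_opt + 40 * i)
        sections.append((va, vsize, raw_ptr, raw_size))
    imports = {}
    if import_rva == 0:
        return imports        # no import directory (statically linked or stripped)
    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if pe32plus else ("<I", 4, 1 << 31)
    desc_off = _rva_to_offset(sections, import_rva)
    while True:
        ilt_rva, _, _, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc_off)
        if name_rva == 0 and iat_rva == 0:
            break                                    # all-zero IMAGE_IMPORT_DESCRIPTOR ends the array
        dll = _cstr(data, _rva_to_offset(sections, name_rva)).lower()
        thunk_off = _rva_to_offset(sections, ilt_rva or iat_rva)   # prefer the lookup table
        names = []
        while True:
            entry = struct.unpack_from(fmt, data, thunk_off)[0]
            if entry == 0:
                break
            if entry & ord_flag:
                names.append("#%d" % (entry & 0xFFFF))            # import by ordinal, no name
            else:
                names.append(_cstr(data, _rva_to_offset(sections, entry & 0x7FFFFFFF) + 2))  # skip hint
            thunk_off += width
        imports[dll] = names
        desc_off += 20
    return imports


def feature_vector(imports, vocabulary):
    """Binary presence vector over 'dll!symbol' names, ordered as in `vocabulary`."""
    present = {"%s!%s" % (dll, fn) for dll, fns in imports.items() for fn in fns}
    return [1 if name in present else 0 for name in vocabulary]


def build_sample_pe(dlls):
    """Construct a code-less PE32 image with a single .idata section holding only an import table."""
    SECTION_RVA, RAW_PTR = 0x1000, 0x200
    body = bytearray(20 * (len(dlls) + 1))          # reserve the descriptor array plus terminator

    def add(chunk):
        rva = SECTION_RVA + len(body)
        body.extend(chunk)
        return rva

    descs = b""
    for dll, syms in dlls.items():
        name_rva = add(dll.encode() + b"\x00")
        thunks = [0x80000000 | s if isinstance(s, int)           # ordinal thunk
                  else add(struct.pack("<H", 0) + s.encode() + b"\x00") for s in syms]
        body.extend(b"\x00" * (-len(body) % 4))
        ilt = add(b"".join(struct.pack("<I", t) for t in thunks) + b"\x00" * 4)
        iat = add(b"".join(struct.pack("<I", t) for t in thunks) + b"\x00" * 4)
        descs += struct.pack("<IIIII", ilt, 0, 0, name_rva, iat)
    body[:len(descs)] = descs
    raw_size = -(-len(body) // 0x200) * 0x200
    body.extend(b"\x00" * (raw_size - len(body)))
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)    # i386, one section, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)       # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, SECTION_RVA, 20 * (len(dlls) + 1))
    sec = struct.pack("<8sIIIIIIHHI", b".idata", len(body), SECTION_RVA, raw_size, RAW_PTR, 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b"PE\x00\x00" + coff + opt + sec
    return bytes(hdr + b"\x00" * (RAW_PTR - len(hdr)) + body)


# Constructed sample: API names typical of a file-encrypting ransomware, plus one import by ordinal.
SAMPLE = build_sample_pe({"KERNEL32.dll": ["CreateFileW", "WriteFile", "DeleteFileW"],
                          "ADVAPI32.dll": ["CryptEncrypt"], "WS2_32.dll": [23]})
# Assumed vocabulary: in practice it is the union of imports seen across benign and ransomware samples.
VOCAB = ["kernel32.dll!CreateFileW", "advapi32.dll!CryptEncrypt", "kernel32.dll!CreateProcessW", "ws2_32.dll!#23"]

if __name__ == "__main__":
    imps = parse_imports(SAMPLE)
    for dll, syms in imps.items():
        print(dll, syms)
    print(feature_vector(imps, VOCAB))
```

Run on a real sample, `parse_imports(open(path, "rb").read())` does what the abstract describes with PEview and the PE parser, and `feature_vector` produces one row of the feature database; the vocabulary must be fixed across all samples so that rows are comparable. Packed or obfuscated ransomware often ships with a near-empty import table and resolves APIs at run time, so an image whose only imports are `LoadLibraryA`/`GetProcAddress` is itself a signal worth a feature.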


KEYWORDS

Ransomware detection, Static analysis, PE analysis, PE parser, DLL, Functions.

ARCHIVES
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS

Volume 14, Number 1, pages 34-39, DOI: 10.5769/J201901004 or http://dx.doi.org/10.5769/J201901004


PEFile Analysis: A Static Approach To Ransomware Analysis


By  Subash Poudyal, Kishor Datta Gupta, Sajib Sen


