Dynamic Ranking Scheme for Low Heuristic Footprint Activities on Static Ransomware Identification Scheme
In recent times, the large-scale spread of ransomware has affected the operations of electronic and IT infrastructures more than it had a chance to in previous years. Ransomware has been able to gain access to the file systems of a number of systems and to propagate through different kinds of security arrangements, getting flagged at much lower success rates than expected. This work is divided into three parts. Part one identifies how standard detection via a flow analyzer can be bypassed with very low heuristic footprint code flow changes, and how exploits are driven by such implications in terms of both network activities and local file system activities. Part two proposes a dynamic ranking scheme for activities so that they cannot bypass their position in heuristic ranking schemes. Part three shows the experimental findings leading to the mathematical basis of our ranking scheme. Our work is an essential set of adaptations for a regular local scan to be able to successfully identify ransomware.
Keywords: network security, ransomware identification, vector-based malware identification, heuristic analysis