Application of Sequential Analysis on Runtime Behavior for Ransomware Classification

The unprecedented development and massive proliferation of Internet technology, computing /storage capability and emerging business model, like cloud and IoT, brings not only incredible changes to human lifestyle but also numerous, complex and continuing cyber security threats, one noticeable example among them is malware. Static analysis has been popular and widely used in many anti-virus engine. However, static analysis can be avoided using techniques such as packing, polymorphism, and metamorphism. In this paper, I propose a novel method focuses on the feature extraction, which exploits the inherent encryption behaviour of ransomwares. Specifically, runtime malicious sequential analysis is adopted to establish the desired feature set, which further facilitate the identification of the inherent encryption function. With the proposed method, an accuracy level of 96% was achieved