A State-of-the-Art Survey on Ransomware Detection using Machine Learning and Deep Learning

Modern Artificial Intelligence and Data Science

Part of the book series: Studies in Computational Intelligence ((SCI,volume 1102))


Abstract

The world has seen an alarming surge in ransomware attacks in recent years, causing significant financial losses to various organizations. Ransomware is a type of malware that usually locks users' devices or encrypts their data files and demands payment (a ransom) to unlock the devices or recover the encrypted files. Several studies have proposed techniques to detect this kind of malware in its early stages of propagation. However, most of these detection methods follow a signature-based approach, which has difficulty detecting zero-day and unknown ransomware. New techniques that can dynamically identify and stop this type of ransomware are thus urgently needed. In this direction, machine learning and deep learning techniques have recently been applied in ransomware detection, spam detection, image recognition, etc. In this paper, we provide a survey of ransomware detection studies using machine learning and deep learning techniques, conducted from 2017 to 2022. This paper also provides an in-depth list of possible directions for future study.

Author information

Corresponding author

Correspondence to Loubna Moujoud.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Moujoud, L., Ayache, M., Belmekki, A. (2023). A State-of-the-Art Survey on Ransomware Detection using Machine Learning and Deep Learning. In: Idrissi, A. (eds) Modern Artificial Intelligence and Data Science. Studies in Computational Intelligence, vol 1102. Springer, Cham. https://doi.org/10.1007/978-3-031-33309-5_15
