/static_ransomware_analysis

The repository contains the code base and results from the static ransomware analysis of 734 ransomware samples.

Primary Language: YARA

Similarity Analysis of Ransomware based on Portable Executable (PE) File Metadata

In this project, we identify suspicious indicators in the PE metadata generated from ransomware samples, drawing on exploratory data analysis and domain knowledge. Additionally, we use one-class classification algorithms to capture the similarities among all the studied ransomware samples. Our goal is to help researchers gain a better understanding of ransomware application profiles through static analysis based on 727 active ransomware samples.

The research project has been published at the 2021 IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2021).

Citing this work

If you use our implementation for academic research, you are highly encouraged to cite our paper.

@inproceedings{ayub2021similarity,
  title={Similarity Analysis of Ransomware based on Portable Executable (PE) File Metadata},
  author={Ayub, Md Ahsan and Siraj, Ambareen},
  booktitle={2021 IEEE Symposium Series on Computational Intelligence (SSCI)},
  pages={1--6},
  year={2021},
  organization={IEEE}
}

The work has been entirely funded by the Cybersecurity Education, Research & Outreach Center (CEROC) at Tennessee Tech University.