Open Access iconOpen Access

ARTICLE

crossmark

Ransomware Classification Framework Using the Behavioral Performance Visualization of Execution Objects

by Jun-Seob Kim, Ki-Woong Park*

1 Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul, 05006, Korea

* Corresponding Author: Ki-Woong Park. Email: email

Computers, Materials & Continua 2022, 72(2), 3401-3424. https://doi.org/10.32604/cmc.2022.026621

Abstract

A ransomware attack that interrupted the operation of Colonial Pipeline (a large U.S. oil pipeline company), showed that security threats by malware have become serious enough to affect industries and social infrastructure rather than individuals alone. The agents and characteristics of attacks should be identified, and appropriate strategies should be established accordingly in order to respond to such attacks. For this purpose, the first task that must be performed is malware classification. Malware creators are well aware of this and apply various concealment and avoidance techniques, making it difficult to classify malware. This study focuses on new features and classification techniques to overcome these difficulties. We propose a behavioral performance visualization method using utilization patterns of system resources, such as the central processing unit, memory, and input/output, that are commonly used in performance analysis or tuning of programs. We extracted the usage patterns of the system resources for ransomware to perform behavioral performance visualization. The results of the classification performance evaluation using the visualization results indicate an accuracy of at least 98.94% with a 3.69% loss rate. Furthermore, we designed and implemented a framework to perform the entire process—from data extraction to behavioral performance visualization and classification performance measurement—that is expected to contribute to related studies in the future.

Keywords


Cite This Article

APA Style
Kim, J., Park, K. (2022). Ransomware classification framework using the behavioral performance visualization of execution objects. Computers, Materials & Continua, 72(2), 3401-3424. https://doi.org/10.32604/cmc.2022.026621
Vancouver Style
Kim J, Park K. Ransomware classification framework using the behavioral performance visualization of execution objects. Comput Mater Contin. 2022;72(2):3401-3424 https://doi.org/10.32604/cmc.2022.026621
IEEE Style
J. Kim and K. Park, “Ransomware Classification Framework Using the Behavioral Performance Visualization of Execution Objects,” Comput. Mater. Contin., vol. 72, no. 2, pp. 3401-3424, 2022. https://doi.org/10.32604/cmc.2022.026621



cc Copyright © 2022 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1368

    View

  • 816

    Download

  • 0

    Like

Share Link