Ransomware vs Malware Classification Using Subgraph Mining of Function Call Graph
Primary Investigator: Feng Li
Garvit Agarwal, Feng Li
Abstract
In our research, we examine the often-overlooked difference between ransomware and general malware, a distinction that matters a great deal for how we defend our digital spaces. Using the observational environment of Cuckoo Sandbox, we extract the patterns of API calls that reveal a sample's intent. These patterns are mapped into graphs, each labeled by the type of activity it represents, whether a network signal or a file alteration. We then zoom in on the most telling parts of these graphs and convert them into a numerical form that tells the story at a glance. To make sense of this data, we crafted a 1D Convolutional Neural Network that learns to tell apart the villains from the mere tricksters. Our work not only sheds light on a nuanced aspect of cybersecurity but also equips systems with sharper tools to prioritize threats and protect our digital environment more effectively.
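To make the pipeline in the abstract concrete, here is an added example (not the authors' code) of the graph-building and subgraph-feature step: a constructed, Cuckoo-style API trace is turned into a directed call graph whose nodes carry an activity category, every simple path of k nodes is mined and counted by its category-label sequence, and the counts are laid out as a fixed-length vector of the kind a 1D CNN would consume. The trace, the category set, the "consecutive calls form an edge" rule and the path-motif feature are all assumptions made here; the abstract does not state the paper's exact graph construction or subgraph selection.

```python
from collections import Counter, defaultdict
from itertools import product

# Activity categories assumed for this example (Cuckoo reports many more).
CATEGORIES = ("filesystem", "crypto", "network")

# Constructed, Cuckoo-like API call trace for one sample: two file
# encrypt-and-delete rounds followed by a network beacon. Not real sandbox output.
SAMPLE_TRACE = [
    {"api": "CreateFileW", "category": "filesystem"},
    {"api": "ReadFile", "category": "filesystem"},
    {"api": "CryptEncrypt", "category": "crypto"},
    {"api": "WriteFile", "category": "filesystem"},
    {"api": "DeleteFileW", "category": "filesystem"},
    {"api": "CreateFileW", "category": "filesystem"},
    {"api": "ReadFile", "category": "filesystem"},
    {"api": "CryptEncrypt", "category": "crypto"},
    {"api": "WriteFile", "category": "filesystem"},
    {"api": "DeleteFileW", "category": "filesystem"},
    {"api": "InternetOpenA", "category": "network"},
    {"api": "HttpSendRequestA", "category": "network"},
]

def build_call_graph(trace):
    """Node = API name with its category label; directed edge a->b when b follows a."""
    labels = {c["api"]: c["category"] for c in trace}
    adj = defaultdict(set)
    for a, b in zip(trace, trace[1:]):
        adj[a["api"]].add(b["api"])
    return labels, adj

def mine_label_paths(labels, adj, k=3):
    """Count every simple path of k nodes by the sequence of category labels along it."""
    counts = Counter()
    def walk(path):
        if len(path) == k:
            counts[tuple(labels[n] for n in path)] += 1
            return
        for nxt in adj.get(path[-1], ()):
            if nxt not in path:          # simple paths only; the graph may contain cycles
                walk(path + [nxt])
    for node in labels:
        walk([node])
    return counts

def vectorize(counts, k=3):
    """Fixed-order feature vector over all k-length category sequences (CNN input row)."""
    vocab = list(product(CATEGORIES, repeat=k))
    return [counts.get(seq, 0) for seq in vocab], vocab

def featurize(trace, k=3):
    """Full pipeline for one sample: trace -> labeled graph -> path motifs -> vector."""
    labels, adj = build_call_graph(trace)
    return vectorize(mine_label_paths(labels, adj, k), k)
```

The repeated DeleteFileW -> CreateFileW edge creates a cycle, so the simple-path check is what keeps the motif enumeration finite.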