Majority Voting Approach to Ransomware Detection: Future Work

13 Jun 2024

Authors:

(1) Simon R. Davies, School of Computing, Edinburgh Napier University, Edinburgh, UK (s.davies@napier.ac.uk);

(2) Richard Macfarlane, School of Computing, Edinburgh Napier University, Edinburgh, UK;

(3) William J. Buchanan, School of Computing, Edinburgh Napier University, Edinburgh, UK.

5.2. Future Work

The results achieved during the Windows API call analysis could be improved by further investigation of the types of API calls present, their frequency and their position within the file or process memory. One area of further work would be a deeper analysis of this aspect of the binaries and volatile memory. Another would be to introduce a weighting element to the measurements, allowing some tests to have a greater influence on the final classification result.

Other types of tests could also be analysed, for example: multiple-file read and write operations, high entropy differences between read and write operations, file tree traversal, privilege escalation, accessing crypto API functionality, accessing unusual domain names, generation of large amounts of traffic, DGA detection [11, 66] and the termination of a large number of processes.
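As an added example (not code from the paper), the weighting element proposed above combined with one of the tests listed here: a Shannon-entropy comparison of data read versus data written, fed into both an unweighted and a weighted majority vote. The sample buffers, the verdicts for the other tests, the per-test weights and the 2.0-bit threshold are all constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte buffer in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_difference_test(read_buf: bytes, written_buf: bytes, delta: float = 2.0) -> bool:
    """One test from the list above: flag when the data a process writes back
    has much higher entropy than the data it read (plaintext in, ciphertext out).
    The 2.0-bit threshold is a constructed value, not taken from the paper."""
    return shannon_entropy(written_buf) - shannon_entropy(read_buf) >= delta

def majority_vote(verdicts: dict) -> bool:
    """Unweighted vote: classify as ransomware if more than half the tests flag."""
    return 2 * sum(verdicts.values()) > len(verdicts)

def weighted_vote(verdicts: dict, weights: dict, threshold: float = 0.5) -> bool:
    """Weighted vote: a flagging test contributes its weight; classify as
    ransomware if the flagged share of the total weight exceeds `threshold`."""
    total = sum(weights[t] for t in verdicts)
    flagged = sum(weights[t] for t, hit in verdicts.items() if hit)
    return flagged / total > threshold

# Constructed sample I/O: low-entropy text is read, deterministic pseudo-random
# bytes (131 is coprime to 256, so each 256-byte run is a full permutation) are written.
READ_BUF = b"The quick brown fox jumps over the lazy dog. " * 20
WRITTEN_BUF = bytes((i * 131 + 17) % 256 for i in range(len(READ_BUF)))

# Hypothetical per-test weights chosen for illustration (not from the paper).
WEIGHTS = {"entropy_diff": 3.0, "file_traversal": 2.0, "crypto_api": 2.0,
           "dga": 1.0, "proc_kills": 1.0}

def classify_sample() -> dict:
    """Run the entropy test on the constructed buffers, combine it with
    constructed verdicts for the other tests, and return both vote outcomes."""
    verdicts = {
        "entropy_diff": entropy_difference_test(READ_BUF, WRITTEN_BUF),
        "file_traversal": True,   # constructed verdicts for the remaining tests
        "crypto_api": False,
        "dga": False,
        "proc_kills": False,
    }
    return {"majority": majority_vote(verdicts),
            "weighted": weighted_vote(verdicts, WEIGHTS)}
```

With two of five tests flagging, the plain majority classifies the sample as benign while the weighted vote (5.0 of 9.0 total weight) classifies it as ransomware, which is exactly the kind of influence the weighting element is meant to give the stronger tests.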

This paper is available on arxiv under CC BY 4.0 DEED license.