
RansomAI: AI-powered Ransomware for Stealthy Encryption (2306.15559v1)

Published 27 Jun 2023 in cs.CR, cs.AI, and cs.LG

Abstract: Cybersecurity solutions have shown promising performance when detecting ransomware samples that use fixed algorithms and encryption rates. However, due to the current explosion of AI, sooner than later, ransomware (and malware in general) will incorporate AI techniques to intelligently and dynamically adapt its encryption behavior to be undetected. It might result in ineffective and obsolete cybersecurity solutions, but the literature lacks AI-powered ransomware to verify it. Thus, this work proposes RansomAI, a Reinforcement Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection (using a reward mechanism and a fingerprinting intelligent detection system) while maximizing its damage function. The proposed framework was validated in a ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy.
