POSSE: Patterns of Systems During Software Encryption
This work addresses ransomware threats to cybersecurity systems; it is incremental in that it applies existing machine learning methods to a new detection approach.
The research tackled ransomware detection by using performance monitoring and statistical machine learning to classify computing states (idle, encryption, compression) with over 91% accuracy, aiming to prevent hard-drive locking and ransom demands.
This research recasts ransomware detection as a problem of performance monitoring and statistical machine learning. The work builds a test environment that records 41 input variables, labels them, and compares three computing states: idle, encryption, and compression. The goal of this behavioral detector is to anticipate and short-circuit the final step of a ransomware attack: locking the hard drive with encryption and demanding payment to restore the file system to its baseline. Comparing machine learning techniques, linear regression outperforms random forest, decision trees, and support vector machines (SVM). All algorithms classified the three possible classes (idle, encryption, and compression) with greater than 91% accuracy.
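To make the detection pipeline concrete, here is an added example (not code or data from the POSSE work) that labels performance-counter snapshots as idle, encryption, or compression and reports held-out accuracy. The five counter names, the per-state statistical profiles and the synthetic samples are all constructed assumptions; the paper's 41 real variables are not available here. The classifier is a multinomial logistic regression (softmax) trained by gradient descent, chosen as a runnable stand-in for the linear models the page compares, not the paper's own method.

```python
import math
import random

# Three computing states the page's detector distinguishes.
STATES = ["idle", "encryption", "compression"]

# Hypothetical performance counters (the paper uses 41 unnamed variables;
# these five names are assumptions for illustration only).
FEATURES = ["cpu_util_pct", "disk_read_mb_s", "disk_write_mb_s",
            "write_entropy_bits", "file_ops_per_s"]

# Constructed per-state (mean, stddev) profiles used to synthesise samples.
# They are not measurements from the paper.
PROFILES = {
    "idle":        [(5.0, 2.0), (0.5, 0.3), (0.3, 0.2), (4.0, 0.5), (1.0, 0.5)],
    "encryption":  [(70.0, 10.0), (60.0, 10.0), (60.0, 10.0), (7.9, 0.1), (40.0, 8.0)],
    "compression": [(85.0, 8.0), (70.0, 12.0), (25.0, 8.0), (7.5, 0.3), (15.0, 5.0)],
}


def sample_counters(state, rng):
    """One constructed counter snapshot for the given state."""
    return [max(0.0, rng.gauss(mean, sd)) for mean, sd in PROFILES[state]]


def make_dataset(n_per_state, rng):
    """Labelled snapshots, shuffled so train/test splits mix all states."""
    rows = [(sample_counters(s, rng), i) for i, s in enumerate(STATES)
            for _ in range(n_per_state)]
    rng.shuffle(rows)
    return [r[0] for r in rows], [r[1] for r in rows]


class SoftmaxDetector:
    """Multinomial logistic regression trained by full-batch gradient descent."""

    def __init__(self, n_features, n_classes):
        self.W = [[0.0] * n_features for _ in range(n_classes)]
        self.b = [0.0] * n_classes
        self.mu = [0.0] * n_features
        self.sigma = [1.0] * n_features

    def _scale(self, x):
        # Counters live on very different scales; standardise before training.
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sigma)]

    def _probs(self, z):
        logits = [sum(w * v for w, v in zip(row, z)) + bias
                  for row, bias in zip(self.W, self.b)]
        top = max(logits)                      # subtract max for numerical safety
        exps = [math.exp(l - top) for l in logits]
        total = sum(exps)
        return [e / total for e in exps]

    def fit(self, X, y, epochs=300, lr=0.1):
        n, k, d = len(X), len(self.W), len(X[0])
        self.mu = [sum(x[j] for x in X) / n for j in range(d)]
        self.sigma = [max(1e-9, math.sqrt(sum((x[j] - self.mu[j]) ** 2 for x in X) / n))
                      for j in range(d)]
        Z = [self._scale(x) for x in X]
        for _ in range(epochs):
            gW = [[0.0] * d for _ in range(k)]
            gb = [0.0] * k
            for z, label in zip(Z, y):
                p = self._probs(z)
                for c in range(k):
                    err = p[c] - (1.0 if c == label else 0.0)   # d(loss)/d(logit_c)
                    gb[c] += err
                    for j in range(d):
                        gW[c][j] += err * z[j]
            for c in range(k):
                self.b[c] -= lr * gb[c] / n
                for j in range(d):
                    self.W[c][j] -= lr * gW[c][j] / n
        return self

    def predict_label(self, counters):
        p = self._probs(self._scale(counters))
        return STATES[p.index(max(p))]


def accuracy(model, X, y):
    hits = sum(model.predict_label(x) == STATES[label] for x, label in zip(X, y))
    return hits / len(X)


def build_detector(seed=7, n_per_state=80):
    """Train on 75% of constructed snapshots, report accuracy on the rest."""
    rng = random.Random(seed)
    X, y = make_dataset(n_per_state, rng)
    split = int(0.75 * len(X))
    model = SoftmaxDetector(len(FEATURES), len(STATES)).fit(X[:split], y[:split])
    return model, accuracy(model, X[split:], y[split:])


if __name__ == "__main__":
    detector, acc = build_detector()
    print(f"held-out accuracy: {acc:.3f}")
    print(detector.predict_label([72.0, 58.0, 61.0, 7.9, 38.0]))  # encryption-like snapshot
```

The synthetic clusters are deliberately well separated, so accuracy here is far above the 91% the page reports on real counters; the point is the shape of the pipeline (collect counters, standardise, train, measure on held-out data), and the hardest real-world case, telling legitimate compression from encryption, shows up as the two states whose profiles overlap most.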