PSAU-Defender: a Device-Agnostic Approach to Defend Against Ransomware Vulnerabilities

Authors

  • Usman Tariq, Department of Management Information Systems, College of Business Administration, Prince Sattam Bin Abdulaziz University, Al-Kharj 16278, Saudi Arabia

Keywords:

Ransomware Vulnerabilities; Endpoint Protection; Intrusion Detection and Response; Vulnerability Management; Threat Intelligence.

Abstract

This research provides a comprehensive analysis of the lifecycle and characteristics of ransomware attacks, aiming to establish a robust foundation for future studies in the field. The study critically examines various techniques for detecting ransomware, highlighting their strengths and weaknesses. Building on these insights, the author introduces PSAU-Defender, a specialized framework designed to identify crucial features for effective ransomware detection. By employing the Mutual Information criterion, the proposed method successfully identifies the most relevant features from a broad range of considerations, allowing PSAU-Defender to achieve high detection performance while utilizing a concise feature set. The framework's ability to adapt and detect new ransomware families is also emphasized. Rigorous testing is conducted to evaluate its effectiveness, resulting in impressive average detection rates for emerging ransomware families. Furthermore, this research contributes by proposing a method for generating datasets programmatically that capture the dynamic behavior of both legitimate and malicious programs, including ransomware. The development of an automation framework enhances the attribution and capture of "run traces" from executing packages, making a unique contribution to the field. The findings strongly support the effectiveness of ensemble scanners in identifying ransomware and preventing evasion attacks. Overall, the proposed framework, along with its experimental results, validates significant advancements in ransomware detection, automation, and dataset generation, ultimately enhancing security measures against ransomware attacks.

Published

2024-01-01

How to Cite

Usman Tariq. (2024). PSAU-Defender: a Device-Agnostic Approach to Defend Against Ransomware Vulnerabilities. Kurdish Studies, 12(1), 4330–4351. Retrieved from https://kurdishstudies.net/menu-script/index.php/KS/article/view/1930
