Crypto-ransomware Detection through Quantitative API-based Behavioral Profiling. (arXiv:2306.02270v2 [cs.CR] UPDATED)

With crypto-ransomware's unprecedented scope of impact and evolving level of
sophistication, there is an urgent need to pinpoint the security gap and
improve the effectiveness of defenses by identifying new detection approaches.
Based on our characterization results on dynamic API behaviors of ransomware,
we present a new API profiling-based detection mechanism. Our method involves
two operations, namely consistency analysis and API-contrast-based refinement.
We evaluate it against a set of real-world ransomware and also benign samples.
We effectively detect all ransomware …

api crypto detection dynamic gap impact pinpoint profiling quantitative ransomware ransomware detection results scope security unprecedented urgent