Paper 2022/014

Transformer encoder-based Crypto-Ransomware Detection for Low-Power Embedded Processors

Hyunji Kim, Sejin Lim, Yeajun Kang, Wonwoong Kim, and Hwajeong Seo

Abstract

Crypto-ransomware has a process to encrypt the victim's files, and crypto-ransomware requests the victim for money for a key to decrypt the encrypted file. In this paper, we present new approaches to prevent crypto-ransomware by detecting block cipher algorithms for Internet of Things (IoT) platforms. The generic software of the AVR package and the lightweight block cipher library (FELICS) written in C language was trained through the neural network, and then we evaluated the result. Unlike the previous technique, the proposed method does not extract sequence and frequency characteristics, but considers opcodes and opcode sequences as words and sentences, performs word embedding, and then inputs them to the neural network based on the encoder structure of the transformer model. Through this approach, the file size was reduced by 0.5 times while maintaining a similar level of classification performance compared to the previous method. The detection success rate for the proposed method was evaluated with the F-measured value, which is the harmonic mean of precision and recall. In addition to achieving 98% crypto-ransomware detection success rates, classification by benign firmware and lightweight cryptography algorithm, Substitution-Permutation-Network (SPN) structure, Addition-Rotation-eXclusive-or structure (ARX) and normal firmware classification are also possible.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
Deep learningCryptographyRansomwareInternet of Things
Contact author(s)
hwajeong84 @ gmail com
History
2022-01-08: revised
2022-01-07: received
See all versions
Short URL
https://ia.cr/2022/014
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/014,
      author = {Hyunji Kim and Sejin Lim and Yeajun Kang and Wonwoong Kim and Hwajeong Seo},
      title = {Transformer encoder-based Crypto-Ransomware Detection for Low-Power Embedded Processors},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/014},
      year = {2022},
      url = {https://eprint.iacr.org/2022/014}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.