API based discrimination of ransomware and benign cryptographic programs

Paul Black*, Ammar Sohail, Iqbal Gondal, Joarder Kamruzzaman, Peter Vamplew, Paul Watters

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

2 Citations (Scopus)


Ransomware is a widespread class of malware that encrypts files in a victim’s computer and extorts victims into paying a fee to regain access to their data. Previous research has proposed methods for ransomware detection using machine learning techniques. However, this research has not examined the precision of ransomware detection. While existing techniques show an overall high accuracy in detecting novel ransomware samples, previous research does not investigate the discrimination of novel ransomware from benign cryptographic programs. This is a critical, practical limitation of current research; machine learning based techniques would be limited in their practical benefit if they generated too many false positives (at best) or deleted/quarantined critical data (at worst). We examine the ability of machine learning techniques based on Application Programming Interface (API) profile features to discriminate novel ransomware from benign-cryptographic programs. This research provides a ransomware detection technique that provides improved detection accuracy and precision compared to other API profile based ransomware detection techniques while using significantly simpler features than previous dynamic ransomware detection research.

Original languageEnglish
Title of host publicationNeural information processing
Subtitle of host publication27th international conference, ICONIP 2020, proceedings
EditorsHaiqin Yang, Kitsuchart Pasupa, Andrew Chi-Sing Leung, James T. Kwok, Jonathan H. Chan, Irwin King
Place of PublicationCham, Switzerland
PublisherSpringer, Springer Nature
Number of pages12
ISBN (Electronic)9783030638337
ISBN (Print)9783030638320
Publication statusPublished - 2020
Externally publishedYes
EventInternational Conference on Neural Information Processing (27th : 2020) - Bangkok, Thailand
Duration: 18 Nov 202022 Nov 2020

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on Neural Information Processing (27th : 2020)
Abbreviated titleICONIP 2020


  • Dynamic analysis
  • Internet security and privacy
  • Machine learning
  • Ransomware


Dive into the research topics of 'API based discrimination of ransomware and benign cryptographic programs'. Together they form a unique fingerprint.

Cite this