Contribution Details

Type Conference or Workshop Paper
Scope Discipline-based scholarship
Published in Proceedings Yes
Title RansomAI: AI-powered Ransomware for Stealthy Encryption
Organization Unit
Authors
  • Jan von der Assen
  • Alberto Huertas Celdran
  • Janik Luechinger
  • Pedro Miguel Sánchez Sánchez
  • Gérôme Bovet
  • Gregorio Martínez Pérez
  • Burkhard Stiller
Presentation Type paper
Item Subtype Original Work
Refereed No
Status Published in final form
Language
  • English
ISSN 1930-529X
Page Range 2578 - 2583
Event Title IEEE Global Communications Conference
Event Type conference
Event Location Kuala Lumpur, Malaysia
Event Start Date December 4, 2023
Event End Date December 8, 2023
Series Name IEEE Global Communications Conference
Place of Publication Kuala Lumpur, Malaysia
Publisher Institute of Electrical and Electronics Engineers
Abstract Text Cybersecurity solutions have shown promising performance when detecting ransomware samples that use fixed algorithms and encryption rates. However, due to the current explosion of Artificial Intelligence (AI), sooner than later, ransomware (and malware in general) will incorporate AI techniques to intelligently and dynamically adapt its encryption behavior to be undetected. It might result in ineffective and obsolete cybersecurity solutions, but the literature lacks AI-powered ransomware to verify it. Thus, this work proposes RansomAI, a Reinforcement Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection (using a reward mechanism and a fingerprinting intelligent detection system) while maximizing its damage function. The proposed framework was validated in a ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy.
Digital Object Identifier 10.1109/GLOBECOM54140.2023.10437393