Pith

open record

sign in

arxiv: 2306.15559 · v1 · pith:UHA2OE6Y · submitted 2023-06-27 · cs.CR · cs.AI· cs.LG

RansomAI: AI-powered Ransomware for Stealthy Encryption

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:UHA2OE6Yrecord.jsonopen to challenge →

classification cs.CR cs.AIcs.LG
keywords ransomwareencryptiondetectionransomaiadaptagentai-poweredbehavior
0
0 comments X
read the original abstract

Cybersecurity solutions have shown promising performance when detecting ransomware samples that use fixed algorithms and encryption rates. However, due to the current explosion of Artificial Intelligence (AI), sooner than later, ransomware (and malware in general) will incorporate AI techniques to intelligently and dynamically adapt its encryption behavior to be undetected. It might result in ineffective and obsolete cybersecurity solutions, but the literature lacks AI-powered ransomware to verify it. Thus, this work proposes RansomAI, a Reinforcement Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection (using a reward mechanism and a fingerprinting intelligent detection system) while maximizing its damage function. The proposed framework was validated in a ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.