paint-brush
Majority Voting Approach to Ransomware Detection: Limitationsby@encapsulation

Majority Voting Approach to Ransomware Detection: Limitations

tldt arrow

Too Long; Didn't Read

In this paper, researchers propose a new majority voting approach to ransomware detection.
featured image - Majority Voting Approach to Ransomware Detection: Limitations
Bundling data and functions into a single unit HackerNoon profile picture

Authors:

(1) Simon R. Davies, School of Computing, Edinburgh Napier University, Edinburgh, UK ([email protected]);

(2) Richard Macfarlane, School of Computing, Edinburgh Napier University, Edinburgh, UK;

(3) William J. Buchanan, School of Computing, Edinburgh Napier University, Edinburgh, UK.

5.1. Limitations

While the majority voting approach to identifying malicious processes has a high level of accuracy, as always the situation exists where once a ransomware developer is aware of the techniques being used to identify malicious behaviour, they have the possibility of modifying or adapting the ransomware’s behaviour to avoid the tests in newer releases of their programs. The advantage of the majority voting approach is that the system does not rely on a single catchall test, rather detection is a combination of many accurate tests. A consequence of this is that the ransomware developer may have to significantly modify the behaviour of their programs, and possibly disregard some aspects of their original behaviour to avoid detection.


This paper is available on arxiv under CC BY 4.0 DEED license.