Ransomware attacks have increased significantly in recent years, causing
great destruction and damage to critical systems and business operations.
Attackers are unfailingly finding innovative ways to bypass detection
mechanisms, whichencouraged the adoption of artificial intelligence. However,
most research summarizes the general features of AI and induces many false
positives, as the behavior of ransomware constantly differs to bypass
detection. Focusing on the key indicating features of ransomware becomes vital
as this guides the investigator to the inner workings and main function of
ransomware itself. By utilizing access privileges in process memory, the main
function of the ransomware can be detected more easily and accurately.
Furthermore, new signatures and fingerprints of ransomware families can be
identified to classify novel ransomware attacks correctly. The current research
used the process memory access privileges of the different memory regions of
the behavior of an executable to quickly determine its intent before serious
harm can occur. To achieve this aim, several well-known machine learning
algorithms were explored with an accuracy range of 81.38 to 96.28 percents. The
study thus confirms the feasibility of utilizing process memory as a detection
mechanism for ransomware.
