Reliability of Entropy-based Malware Detection as a Single Method in Preventing Ransomware Attacks


Alkan A. O., DOĞRU İ. A., ATACAK İ.

JOURNAL OF POLYTECHNIC-POLITEKNIK DERGISI, 2024 (ESCI)

Abstract

As ransomware attacks grow more complex, traditional detection methodologies are often insufficient to detect and prevent them, so modern malware detection methods are used instead: behavior-, system-, resource-, connection-, and entropy-based ransomware detection. In this study, we evaluated the effectiveness of an entropy-based malware detection method in detecting ransomware attacks by examining the entropy values of malware detected using the Binalyze AIR and Binalyze Tactical software. As the results of our comprehensive field study of 41,477 malware samples show, the entropy-based method has advantages in that it is easy to apply, can be integrated with other methods, and provides fast results, but when used alone it can produce high rates of false-positive and false-negative results. The entropy-based method is unreliable unless it is used within hybrid models; more advanced and holistic approaches must be adopted for effective cybersecurity defense.
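The false-positive and false-negative behaviour described in the abstract can be reproduced on the desk with a few constructed buffers. The following Python script is an added example, not code from the paper or from the Binalyze tools it mentions: it computes Shannon entropy in bits per byte, applies a single fixed threshold (the 7.0 bits/byte value is an assumption for illustration; the paper states no threshold), and runs it over deterministic stand-ins for a plain-text document, a deflate-compressed copy of that document, uniformly random bytes standing in for ciphertext, and the same bytes base64-encoded. All sample data is constructed inside the script.

```python
"""Toy evaluation of single-method Shannon-entropy ransomware detection."""
import base64
import math
import random
import zlib
from collections import Counter

# Assumed illustrative threshold in bits per byte; the paper does not state one.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte buffer in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_flagged(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Single-method decision: flag the buffer if its entropy meets the threshold."""
    return shannon_entropy(data) >= threshold


def build_samples() -> dict:
    """Constructed, deterministic stand-ins for files a detector would inspect.

    Returns {name: (data, truly_encrypted)}. None of these are real ransomware
    artefacts; they only reproduce the byte statistics the detector keys on.
    """
    rng = random.Random(2024)
    words = ["incident", "response", "report", "backup", "policy", "server",
             "network", "volume", "quarter", "review", "storage", "account",
             "user", "access", "audit", "change", "ticket", "patch", "vendor",
             "system", "risk", "control", "schedule", "the", "and", "for", "of"]
    # A plain-text "office document" built from pseudo-English words.
    document = " ".join(rng.choice(words) for _ in range(5000)).encode()
    # Stand-in for the output of a modern cipher: uniformly random bytes.
    ciphertext = bytes(rng.getrandbits(8) for _ in range(8192))
    return {
        "plaintext_document": (document, False),
        # A legitimate archive: deflate output is statistically close to random.
        "compressed_document": (zlib.compress(document, 9), False),
        "ciphertext": (ciphertext, True),
        # The same ciphertext stored base64-encoded: at most log2(64) = 6 bits/byte.
        "base64_ciphertext": (base64.b64encode(ciphertext), True),
    }


def evaluate_samples(threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Run the single-method detector over every sample.

    Returns {name: {"entropy": float, "flagged": bool, "encrypted": bool}}.
    """
    results = {}
    for name, (data, encrypted) in build_samples().items():
        results[name] = {
            "entropy": round(shannon_entropy(data), 3),
            "flagged": is_flagged(data, threshold),
            "encrypted": encrypted,
        }
    return results


def confusion_summary(results: dict) -> dict:
    """Count TP/FP/TN/FN of the entropy verdicts against the known labels."""
    summary = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for r in results.values():
        if r["flagged"] and r["encrypted"]:
            summary["tp"] += 1
        elif r["flagged"]:
            summary["fp"] += 1
        elif r["encrypted"]:
            summary["fn"] += 1
        else:
            summary["tn"] += 1
    return summary


if __name__ == "__main__":
    res = evaluate_samples()
    for name, r in res.items():
        print(f"{name:22s} entropy={r['entropy']:.3f} "
              f"flagged={str(r['flagged']):5s} encrypted={r['encrypted']}")
    print(confusion_summary(res))
```

Run stand-alone, the script flags the compressed document (a false positive: compressed formats are as close to uniform as ciphertext) and misses the base64-encoded ciphertext (a false negative: re-encoding caps the per-byte entropy below the threshold), while scoring the plain text and raw ciphertext correctly. This is the abstract's point in miniature: entropy is cheap and fast to compute, but on its own it cannot separate "encrypted" from "merely high-entropy" or from "encrypted but re-encoded", so in practice it is combined with other signals such as file-type checks and behavioural indicators.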