2024-08-282024-08-282024Assen, .v.d., Huertas Celdrán, A., Luechinger, J., Sánchez Sánchez, P.M., Martínez Pérez, G. y Stiller, B. (2024). A Summary of RansomAI: AI-powered Ransomware for Stealthy Encryption [Póster]. En Jornadas Nacionales de Investigación en Ciberseguridad (JNIC) (9ª.2024. Sevilla) (510-511), Sevilla: Universidad de Sevilla. Escuela Técnica Superior de Ingeniería Informática.978-84-09-62140-8https://hdl.handle.net/11441/162080With Artificial Intelligence (AI) rapidly advancing, ransomware and malware will soon utilize AI techniques to intelligently adapt and evade detection. It might result in ineffective and obsolete cybersecurity solutions. However, the literature lacks AI-powered ransomware samples to verify it. Thus, this work presents a summary of RansomAI, a Reinforce ment Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection while maximizing its dam age. The proposed framework was validated with Ransomware PoC, a ransomware that infected a Raspberry Pi 4 acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy.application/pdf2engAttribution-NonCommercial-NoDerivatives 4.0 Internacionalhttp://creativecommons.org/licenses/by-nc-nd/4.0/RansomwareReinforcement LearningArtificial IntelligenceMalwareEvasioninfo:eu-repo/semantics/conferenceObjectinfo:eu-repo/semantics/openAccess