RanViz : ransomware visualization and classification based on time-series categorical representation of API calls

dc.contributor.author: Mokoma, Vhuhwavho
dc.contributor.author: Singh, Avinash
dc.contributor.email: u20470992@tuks.co.za
dc.date.accessioned: 2025-07-29T12:07:22Z
dc.date.available: 2025-07-29T12:07:22Z
dc.date.issued: 2025-03
dc.description.abstract: Ransomware continues to pose a significant threat to individuals and organizations worldwide, causing disruptions, financial losses, and reputational damage. As ransomware attacks grow in sophistication, understanding their behaviour through effective analysis has become increasingly critical for mitigation and prevention. However, ransomware analysis presents several challenges. First, the sheer volume of Application Programming Interface (API) call data generated by ransomware during execution can overwhelm traditional analysis methods. Second, the temporal and categorical nature of this data makes identifying meaningful patterns complex. Third, the integration of machine learning (ML) models, which are essential for accurate classification, is hindered by the difficulty of modelling intricate API call behaviours. Without effective tools to address these issues, analysts risk missing critical behavioural indicators. To overcome these challenges, the proposed Ransomware Visualization (RanViz) system was developed to provide a comprehensive visual analytics and classification platform designed to enhance ransomware analysis. RanViz employs advanced visualization techniques to represent categorical API call time-series data, enabling analysts to intuitively understand ransomware behaviours that might otherwise remain obscured. The system incorporates ML models based on API call frequency, temporal interval, and sequence to classify unknown samples as either benign or ransomware. The models collectively achieve an accuracy of over 95% in detecting ransomware. By providing a unified platform that combines powerful visualization tools with high-performing ML models, RanViz simplifies ransomware analysis and offers a robust framework for accurate classification. This makes it an invaluable tool for digital forensics and cybersecurity professionals tasked with addressing the ever-evolving ransomware threat.
dc.description.department: Computer Science
dc.description.librarian: hj2025
dc.description.sdg: SDG-09: Industry, innovation and infrastructure
dc.description.uri: http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639
dc.identifier.citation: V. Mokoma and A. Singh, "RanViz: Ransomware Visualization and Classification Based on Time-Series Categorical Representation of API Calls," in IEEE Access, vol. 13, pp. 56237-56254, 2025, doi: 10.1109/ACCESS.2025.3555163.
dc.identifier.issn: 2169-3536 (online)
dc.identifier.other: 10.1109/ACCESS.2025.3555163
dc.identifier.uri: http://hdl.handle.net/2263/103665
dc.language.iso: en
dc.publisher: Institute of Electrical and Electronics Engineers
dc.rights: © 2025 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. See https://creativecommons.org/licenses/by/4.0.
dc.subject: API calls
dc.subject: Malware
dc.subject: Data visualization
dc.subject: Application programming interface (API)
dc.subject: Encryption
dc.subject: Machine learning
dc.subject: Visual analytics
dc.subject: Organizations
dc.subject: Computer security
dc.subject: Complexity theory
dc.subject: Ransomware analysis
dc.subject: Time series
dc.subject: Visualization
dc.title: RanViz : ransomware visualization and classification based on time-series categorical representation of API calls
dc.type: Article

Files

Original bundle

Name: Mokoma_RanViz_2025.pdf
Size: 2.17 MB
Format: Adobe Portable Document Format
Description: Article

License bundle

Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed upon to submission
Description: