A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Monge, Marco Antonio Sotelo; Vidal, Jorge Maestre; Villalba, Luis Javier García

doi:10.1145/3230833.3233249

Cited by 14 publications

(12 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mehnaz and Mudgerikar [ 34 ] also used the decoy approach for early ransomware detection and prevention. Moreover, relying solely on decoy-based detection does not ensure that ransomware will target the decoy files first, thereby placing the victim’s data at considerable risk [ 35 , 36 ].…”

Section: Ransomware Detection and Neutralization Methodsmentioning

confidence: 99%

Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations

Bang,

Kim,

Lee

2024

Sensors

View full text Add to dashboard Cite

This study presents a groundbreaking approach to the ever-evolving challenge of ransomware detection. A lot of detection methods predominantly rely on pinpointing high-entropy blocks, which is a hallmark of the encryption techniques commonly employed in ransomware. These blocks, typically difficult to recover, serve as key indicators of malicious activity. So far, many neutralization techniques have been introduced so that ransomware utilizing standard encryption can effectively bypass these entropy-based detection systems. However, these have limited capabilities or require relatively high computational costs. To address these problems, we introduce a new concept entropy sharing. This method can be seamlessly integrated with every type of cryptographic algorithm and is also composed of lightweight operations, masking the high-entropy blocks undetectable. In addition, the proposed method cannot be easily nullified, contrary to simple encoding methods, without knowing the order of shares. Our findings demonstrate that entropy sharing can effectively bypass entropy-based detection systems. Ransomware utilizing such attack methods can cause significant damage, as they are difficult to detect through conventional detection methods.

show abstract

Section: Ransomware Detection and Neutralization Methodsmentioning

confidence: 99%

Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations

Bang,

Kim,

Lee

2024

Sensors

View full text Add to dashboard Cite

show abstract

“…Kolodenker et al [132] proposed Paybreak, which fights ransomware by keeping by holding encryption keys in escrow and allowing victims to restore encrypted files without paying the ransom. Monge et al [137] stressed on monitoring the environment without the involvement of a human operator. Their model is based on a self-organizing network framework and involves mitigation against crypto-ransomware families that contact suspicious C&C servers for encryption keys.…”

Section: Mitigationmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

The proliferation of ransomware has become a significant threat to cybersecurity in recent years, causing significant financial, reputational, and operational damage to individuals and organizations. This paper aims to provide a comprehensive overview of the evolution of ransomware, its taxonomy, and its state-of-the-art research contributions. We begin by tracing the origins of ransomware and its evolution over time, highlighting the key milestones and major trends. Next, we propose a taxonomy of ransomware that categorizes different types of ransomware based on their characteristics and behavior. Subsequently, we review the existing research over several years in regard to detection, prevention, mitigation, and prediction techniques. Our extensive analysis, based on more than 150 references, has revealed that significant research, specifically 72.8%, has focused on detecting ransomware. However, a lack of emphasis has been placed on predicting ransomware. Additionally, of the studies focused on ransomware detection, a significant portion, 70%, have utilized machine learning methods. We further discuss the challenges found such as the ones related to obtaining ransomware datasets. In addition, our study uncovers a range of shortcomings in research pertaining to real-time protection and identifying zero-day ransomware. Adversarial machine learning exploitation has been identified as an under-researched area in the field. This survey is a constructive roadmap for researchers interested in ransomware research matters.

show abstract

“…The conventional detection models made the decisions by considering the entire runtime data. Some of these models fell in post-encryption phase while performing the detection [124,125].…”

Section: Conventional Detection Studiesmentioning

confidence: 99%

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

et al. 2021

View full text Add to dashboard Cite

Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research.

show abstract

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Cited by 14 publications

References 48 publications

Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations

Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

Contact Info

Product

Resources

About