Detecting crypto-ransomware in IoT networks based on energy consumption footprint

Azmoodeh, Amin; Dehghantanha, Ali; Conti, Mauro; Choo, Kim‐Kwang Raymond

doi:10.1007/s12652-017-0558-5

Cited by 220 publications

(99 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This approach could be more robust compared to other detection techniques based on the behaviour or pattern profile of the device, since it is harder to hide or fake energy consumption characteristic. A paper by Azmoodeh et al (2017) demonstrated the feasibility of this energy consumption monitoring approach for detecting potential ransomware apps on Android devices. They managed to achieve a detection rate of 95.65% and a precision rate of 89.19%, which point to the feasibility of this approach.…”

Section: Tools and Strategies For Analysing Ransomwarementioning

confidence: 99%

Ransomware deployment methods and analysis: views from a predictive model and human responses

Hull

John²,

Arief

2019

Crime Sci

View full text Add to dashboard Cite

Ransomware incidents have increased dramatically in the past few years. The number of ransomware variants is also increasing, which means signature and heuristic-based detection techniques are becoming harder to achieve, due to the ever changing pattern of ransomware attack vectors. Therefore, in order to combat ransomware, we need a better understanding on how ransomware is being deployed, its characteristics, as well as how potential victims may react to ransomware incidents. This paper aims to address this challenge by carrying out an investigation on 18 families of ransomware, leading to a model for categorising ransomware behavioural characteristics, which can then be used to improve detection and handling of ransomware incidents. The categorisation was done in respect to the stages of ransomware deployment methods with a predictive model we developed called Randep. The stages are fingerprint, propagate, communicate, map, encrypt, lock, delete and threaten. Analysing the samples gathered for the predictive model provided an insight into the stages and timeline of ransomware execution. Furthermore, we carried out a study on how potential victims (individuals, as well as IT support staff at universities and SMEs) detect that ransomware was being deployed on their machine, what steps they took to investigate the incident, and how they responded to the attack. Both quantitative and qualitative data were collected through questionnaires and in-depth interviews. The results shed an interesting light into the most common attack methods, the most targeted operating systems and the infection symptoms, as well as recommended defence mechanisms. This information can be used in the future to create behavioural patterns for improved ransomware detection and response. which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

show abstract

Section: Tools and Strategies For Analysing Ransomwarementioning

confidence: 99%

Ransomware deployment methods and analysis: views from a predictive model and human responses

Hull

John²,

Arief

2019

Crime Sci

View full text Add to dashboard Cite

show abstract

“…The proposed approach failed due to the noise introduced by unpredictable user and environment interactions. More recent work by Azmoodeh et al [21] demonstrated that ransomware can be detected on Android devices by monitoring power consumption alone. These works differ from our approach in the way power data was collected.…”

Section: Related Workmentioning

confidence: 99%

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Bridges

Jiménez

Nichols

et al. 2018

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International

View full text Add to dashboard Cite

This paper presents an experimental design and data analytics approach aimed at power-based malware detection on general-purpose computers. Leveraging the fact that malware executions must consume power, we explore the postulate that malware can be accurately detected via power data analytics. Our experimental design and implementation allow for programmatic collection of CPU power profiles for fixed tasks during uninfected and infected states using five different rootkits. To characterize the power consumption profiles, we use both simple statistical and novel, sophisticated features. We test a one-class anomaly detection ensemble (that baselines non-infected power profiles) and several kernel-based SVM classifiers (that train on both uninfected and infected profiles) in detecting previously unseen malware and clean profiles. The anomaly detection system exhibits perfect detection when using all features and tasks, with smaller false detection rate than the supervised classifiers. The primary contribution is the proof of concept that baselining power of fixed tasks can provide accurate detection of rootkits. Moreover, our treatment presents engineering hurdles needed for experimentation and allows analysis of each statistical feature individually. This work appears to be the first step towards a viable power-based detection capability for general-purpose computers, and presents next steps toward this goal.

show abstract

“…Recently, and in parallel with the development of local-level solutions, the research community studied the impact of the cryptoransomware on communication processes. This prompted the publication of the first proposals based on analyzing network features in emerging scenarios, as is the case of [10,58] at Internet of Things (IoT) or [42] at Cloud Computing. As indicated by Cabaj et al [8], the list of IP addresses with which each ransomware specimen tries to communicate with C&C server tends to be similar with those of previous detected threats.…”

Section: Countermeasuresmentioning

confidence: 99%

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Monge

Vidal

Villalba

2018

Proceedings of the 13th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

In the last decade, crypto-ransomware evolved from a family of malicious software with scarce repercussion in the research community, to a sophisticated and highly effective intrusion method positioned in the spotlight of the main organizations for cyberdefense. Its modus operandi is characterized by fetching the assets to be blocked, their encryption, and triggering an extortion process that leads the victim to pay for the key that allows their recovery. This paper reviews the evolution of crypto-ransomware focusing on the implication of the different advances in communication technologies that empowered its popularization. In addition, a novel defensive approach based on the Self-Organizing Network paradigm and the emergent communication technologies (e.g. Software-Defined Networking, Network Function Virtualization, Cloud Computing, etc.) is proposed. They enhance the orchestration of smart defensive deployments that adapt to the status of the monitoring environment and facilitate the adoption of previously defined risk management policies. In this way it is possible to efficiently coordinate the efforts of sensors and actuators distributed throughout the protected environment without supervision by human operators, resulting in greater protection with increased viability CCS CONCEPTS• Security and privacy → Network Security; Malware and its mitigation; • Networks → Network management;

show abstract

Detecting crypto-ransomware in IoT networks based on energy consumption footprint

Cited by 220 publications

References 34 publications

Ransomware deployment methods and analysis: views from a predictive model and human responses

Ransomware deployment methods and analysis: views from a predictive model and human responses

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Contact Info

Product

Resources

About