Differential area analysis for ransomware attack detection within mixed file datasets

Davies, Simon; Macfarlane, Richard; Buchanan, William J.

doi:10.1016/j.cose.2021.102377

Cited by 29 publications

(29 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The outcomes of this research unravel critical insights into the constantly evolving tactics employed in ransomware communications [7], [5]. A paramount implication derived from these insights is the essential integration of sophisticated linguistic analysis instruments within cybersecurity frameworks [17], [21].…”

Section: A Implications For Cybersecurity Practicesmentioning

confidence: 93%

Using ChatGPT to Analyze Ransomware Messages and to Predict Ransomware Threats

Fujima,

Kumamoto,

Yoshida

2023

Preprint

View full text Add to dashboard Cite

This study looked into the complex landscape of ransomware communications, utilizing advanced language models like ChatGPT to analyze ransomware messages. The research focused on identifying and interpreting the linguistic and strategic elements embedded in these communications. Key findings revealed a significant evolution in ransomware tactics, marked by sophisticated linguistic patterns and psychological manipulation strategies. The study emphasized the need for integrating advanced linguistic analysis tools within cybersecurity frameworks and advocates for customized cybersecurity education programs. Future research directions were proposed, including expanding the dataset and integrating diverse analytical methodologies. This research contributed to a deeper understanding of ransomware threats and offered insights into developing more effective cybersecurity measures against them.

show abstract

Section: A Implications For Cybersecurity Practicesmentioning

confidence: 93%

Using ChatGPT to Analyze Ransomware Messages and to Predict Ransomware Threats

Fujima,

Kumamoto,

Yoshida

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Initially, the focus was predominantly on signature-based detection, a method that relies on identifying known ransomware signatures [3]. While this approach has been effective in recognizing and blocking known ransomware strains, it has consistently struggled to detect new or modified variants [41], [22]. This limitation has led to a shift towards more dynamic methods such as behavior analysis and anomaly detection [18], [42], [19].…”

Section: A Ransomware Detection Methodologiesmentioning

confidence: 99%

“…The use of LLMs in this context is not without challenges, as their effectiveness in real-world scenarios is still under scrutiny [16]. Nonetheless, the potential of these models in reshaping the landscape of ransomware response strategies cannot be overlooked [21], [2], [22]. As ransomware continues to evolve, the role of LLMs in cybersecurity is poised to become a focal point of research and application, offering a glimpse into a future where artificial intelligence plays a crucial role in cyber defense [23], [24], [25].…”

Section: Introductionmentioning

confidence: 99%

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

Kumamoto,

Yoshida,

Fujima

2023

Preprint

View full text Add to dashboard Cite

This study presents a comprehensive analysis of the application of Large Language Models (LLMs), specifically ChatGPT and Claude, in the context of ransomware negotiation. Ransomware, an increasingly prevalent and sophisticated cyber threat, necessitates innovative response strategies. This study examines the capabilities of these LLMs in simulating human-like negotiation tactics against ransomware attacks, focusing on two main types: cryptographic and data exfiltration ransomware. Through a series of controlled simulations, the efficacy of ChatGPT and Claude in understanding complex language constructs, formulating negotiation strategies, and their adaptability to varying ransomware scenarios is evaluated. The research highlights the strengths of these models in response accuracy, adaptability, and psychological manipulation resistance. However, it also reveals their susceptibility to producing hallucinations — instances of unrealistic or inaccurate responses. The study contributes to the understanding of AI's potential in cybersecurity, emphasizing the need for improvements in AI reliability, ethical considerations, and the integration of human oversight. The findings suggest that while LLMs hold promising potential in enhancing cyber defense mechanisms, their deployment in high-stakes scenarios like ransomware negotiations must be approached with caution and continuous oversight.

show abstract

“…In [ 18 ], a zone division-based entropy detection method was proposed to measure entropy by separately diving an area that included file information such as a file signature of file contents. In [ 19 ], to detect ransomware-infected files in the system, various file formats were configured as data sets, and the entropy plot values of the files and files containing purely random numbers were compared. The larger the correlation of the plot values, the more that the file was considered to be encrypted by ransomware.…”

Section: Prior Knowledge and Related Workmentioning

confidence: 99%

A Method for Neutralizing Entropy Measurement-Based Ransomware Detection Technologies Using Encoding Algorithms

Lee

2022

Entropy

View full text Add to dashboard Cite

Ransomware consists of malicious codes that restrict users from accessing their own files while demanding a ransom payment. Since the advent of ransomware, new and variant ransomwares have caused critical damage around the world, thus prompting the study of detection and prevention technologies against ransomware. Ransomware encrypts files, and encrypted files have a characteristic of increasing entropy. Due to this characteristic, a defense technology has emerged for detecting ransomware-infected files by measuring the entropy of clean and encrypted files based on a derived entropy threshold. Accordingly, attackers have applied a method in which entropy does not increase even if the files are encrypted, such that the ransomware-infected files cannot be detected through changes in entropy. Therefore, if the attacker applies a base64 encoding algorithm to the encrypted files, files infected by ransomware will have a low entropy value. This can eventually neutralize the technology for detecting files infected from ransomware based on entropy measurement. Therefore, in this paper, we propose a method to neutralize ransomware detection technologies using a more sophisticated entropy measurement method by applying various encoding algorithms including base64 and various file formats. To this end, we analyze the limitations and problems of the existing entropy measurement-based ransomware detection technologies using the encoding algorithm, and we propose a more effective neutralization method of ransomware detection technologies based on the analysis results.

show abstract

Differential area analysis for ransomware attack detection within mixed file datasets

Cited by 29 publications

References 35 publications

Using ChatGPT to Analyze Ransomware Messages and to Predict Ransomware Threats

Using ChatGPT to Analyze Ransomware Messages and to Predict Ransomware Threats

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

A Method for Neutralizing Entropy Measurement-Based Ransomware Detection Technologies Using Encoding Algorithms

Contact Info

Product

Resources

About