IoT based ransomware growth rate evaluation and detection using command and control blacklisting

Zahra, Asma; Shah, Munam Ali

doi:10.23919/iconac.2017.8082013

Cited by 36 publications

(15 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This study reviews the current backup approaches with the purpose of providing a guide in order to address ransomware attacks, according to NIST SP 800 security management. On the other side, there are proposals focused on ransomware in Android devices [7] or the IoT area [15]. For example, Zahnra et al [15] proposes a model for analyzing incoming TCP/IP traffic (header), using a command and control server (C&C) with ransomware blacklists.…”

Section: Current Researchmentioning

confidence: 99%

“…On the other side, there are proposals focused on ransomware in Android devices [7] or the IoT area [15]. For example, Zahnra et al [15] proposes a model for analyzing incoming TCP/IP traffic (header), using a command and control server (C&C) with ransomware blacklists. It is important to note that the analysis of ransomware threats in Android or IoT devices is out of the scope of this article.…”

Section: Current Researchmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Situational Awareness of Ransomware Attacks—Detection and Prevention Parameters

et al. 2019

View full text Add to dashboard Cite

In recent years, cybercrime activities have grown significantly, compromising device security and jeopardizing the normal activities of enterprises. The profits obtained through intimidation and the limitations for tracking down the illegal transactions have created a lucrative business based on the hijacking of users’ files. In this context, ransomware takes advantage of cryptography to compromise the user information or deny access to the operating system. Then, the attacker extorts the victim to pay a ransom in order to regain access, recover the data, or keep the information private. Nowadays, the adoption of Situational Awareness (SA) and cognitive approaches can facilitate the rapid identification of ransomware threats. SA allows knowing what is happening in compromised devices and network communications through monitoring, aggregation, correlation, and analysis tasks. The current literature provides some parameters that are monitored and analyzed in order to prevent these kinds of attacks at an early stage. However, there is no complete list of them. To the best of our knowledge, this paper is the first proposal that summarizes the parameters evaluated in this research field and considers the SA concept. Furthermore, there are several articles that tackle ransomware problems. However, there are few surveys that summarize the current situation in the area, not only regarding its evolution but also its issues and future challenges. This survey also provides a classification of ransomware articles based on detection and prevention approaches.

show abstract

Section: Current Researchmentioning

confidence: 99%

Section: Current Researchmentioning

confidence: 99%

A Survey on Situational Awareness of Ransomware Attacks—Detection and Prevention Parameters

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Recently, and in parallel with the development of local-level solutions, the research community studied the impact of the cryptoransomware on communication processes. This prompted the publication of the first proposals based on analyzing network features in emerging scenarios, as is the case of [10,58] at Internet of Things (IoT) or [42] at Cloud Computing. As indicated by Cabaj et al [8], the list of IP addresses with which each ransomware specimen tries to communicate with C&C server tends to be similar with those of previous detected threats.…”

Section: Countermeasuresmentioning

confidence: 99%

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Monge

Vidal

Villalba

2018

Proceedings of the 13th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

In the last decade, crypto-ransomware evolved from a family of malicious software with scarce repercussion in the research community, to a sophisticated and highly effective intrusion method positioned in the spotlight of the main organizations for cyberdefense. Its modus operandi is characterized by fetching the assets to be blocked, their encryption, and triggering an extortion process that leads the victim to pay for the key that allows their recovery. This paper reviews the evolution of crypto-ransomware focusing on the implication of the different advances in communication technologies that empowered its popularization. In addition, a novel defensive approach based on the Self-Organizing Network paradigm and the emergent communication technologies (e.g. Software-Defined Networking, Network Function Virtualization, Cloud Computing, etc.) is proposed. They enhance the orchestration of smart defensive deployments that adapt to the status of the monitoring environment and facilitate the adoption of previously defined risk management policies. In this way it is possible to efficiently coordinate the efforts of sensors and actuators distributed throughout the protected environment without supervision by human operators, resulting in greater protection with increased viability CCS CONCEPTS• Security and privacy → Network Security; Malware and its mitigation; • Networks → Network management;

show abstract

“…As stated by a report for Malwarebytes, the IoT attacks will continue at steady levels with increased sophistication [5]. For example, recent malware such as Mirai [6] and Ransomware of Things (RoT) [7,8] proven that conventional security methods are ineffective and do not provide decentralized and strong security solutions. In addition to the urgent need for a new paradigm of security commensurate with the changes that have emerged with the IoT ecosystem.…”

Section: Introductionmentioning

confidence: 99%

DeepDCA: Novel Network-Based Detection of IoT Attacks Using Artificial Immune System

et al. 2020

View full text Add to dashboard Cite

Recently Internet of Things (IoT) attains tremendous popularity, although this promising technology leads to a variety of security obstacles. The conventional solutions do not suit the new dilemmas brought by the IoT ecosystem. Conversely, Artificial Immune Systems (AIS) is intelligent and adaptive systems mimic the human immune system which holds desirable properties for such a dynamic environment and provides an opportunity to improve IoT security. In this work, we develop a novel hybrid Deep Learning and Dendritic Cell Algorithm (DeepDCA) in the context of an Intrusion Detection System (IDS). The framework adopts Dendritic Cell Algorithm (DCA) and Self Normalizing Neural Network (SNN). The aim of this research is to classify IoT intrusion and minimize the false alarm generation. Also, automate and smooth the signal extraction phase which improves the classification performance. The proposed IDS selects the convenient set of features from the IoT-Bot dataset, performs signal categorization using the SNN then use the DCA for classification. The experimentation results show that DeepDCA performed well in detecting the IoT attacks with a high detection rate demonstrating over 98.73% accuracy and low false-positive rate. Also, we compared these results with State-of-the-art techniques, which showed that our model is capable of performing better classification tasks than SVM, NB, KNN, and MLP. We plan to carry out further experiments to verify the framework using a more challenging dataset and make further comparisons with other signal extraction approaches. Also, involve in real-time (online) attack detection.

show abstract

IoT based ransomware growth rate evaluation and detection using command and control blacklisting

Cited by 36 publications

References 3 publications

A Survey on Situational Awareness of Ransomware Attacks—Detection and Prevention Parameters

A Survey on Situational Awareness of Ransomware Attacks—Detection and Prevention Parameters

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

DeepDCA: Novel Network-Based Detection of IoT Attacks Using Artificial Immune System

Contact Info

Product

Resources

About