Ransomware Encrypted Your Files but You Restored Them from Network Traffic

Berrueta, Eduardo; Morató, D.; Magaña, Eduardo; Izal, Mikel

doi:10.1109/csnet.2018.8602978

Cited by 5 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We can also offer file recovery using the network-based analysis probe but only in case of the file-sharing protocol being not encrypted. Non-encrypted protocols are for example versions 1 and 2 of SMB, and we showed a proof-of-concept of the file-recovery feature in a previous publication (Berrueta et al, 2018). Moussaileb et al (2018) monitored the file system traversal paths and velocity of the analysed programs.…”

Section: Locally Installed Toolsmentioning

confidence: 73%

Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Berrueta

Morató

Magaña

et al. 2022

Expert Systems with Applications

View full text Add to dashboard Cite

Section: Locally Installed Toolsmentioning

confidence: 73%

Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Berrueta

Morató

Magaña

et al. 2022

Expert Systems with Applications

View full text Add to dashboard Cite

“…We have validated the implementation of stream reconstruction software and the SMB message dissection procedure creating an extension of this module capable of extracting the content of files transferred using SMB [10].…”

Section: A Smbtimementioning

confidence: 99%

High-Speed Analysis of SMB2 File Sharing Traffic without TCP Stream Reconstruction

Berrueta

Morató

Magaña

et al. 2019

2019 IEEE International Symposium on Measurements &Amp; Networking (M&N)

Self Cite

View full text Add to dashboard Cite

This paper presents a file sharing traffic analysis methodology for Server Message Block (SMB), a common protocol in the corporate environment. The design is focused on improving the traffic analysis rate that can be obtained per CPU core in the analysis machine. SMB is most commonly transported over Transmission Control Protocol (TCP) and therefore its analysis requires TCP stream reconstruction. We evaluate a traffic analysis design which does not require stream reconstruction. We compare the results obtained to a reference full reconstruction analysis, both in accuracy of the measurements and maximum rate per CPU core. We achieve an increment of 30% in the traffic processing rate, at the expense of a small loss in accuracy computing the probability distribution function for the protocol response times.

show abstract

“…In light of these evolving ransomware techniques, traditional cybersecurity measures focusing solely on preventing access breaches have become inadequate [11,18,19]. The need for advanced analytical tools capable of detecting and interpreting complex and subtle patterns of network traffic indicative of ransomware activities has become more critical [15,20,21]. Here, the Bidirectional Encoder Representations from Transformers (BERT) model emerges as a potent tool [22,23].…”

Section: Introductionmentioning

confidence: 99%

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

This research looks into the evolving dynamics of ransomware, shifting from conventional encryption-based attacks to sophisticated data exfiltration strategies. Employing the Bidirectional Encoder Representations from Transformers (BERT) model, the study analyzes network traffic patterns to detect ransomware activities, offering new insights into their covert operations. The findings emphasize the need for advanced AI tools in cybersecurity, highlighting the significance of adapting and innovating defense strategies to counter the changing landscape of ransomware threats. The study contributes to a deeper understanding of ransomware evolution and underscores the importance of integrating AI in cybersecurity practices.

show abstract

Ransomware Encrypted Your Files but You Restored Them from Network Traffic

Cited by 5 publications

References 14 publications

Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

High-Speed Analysis of SMB2 File Sharing Traffic without TCP Stream Reconstruction

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Contact Info

Product

Resources

About