Ransomware prevention using moving target defense based approach

Hyder, Muhammad Faraz; Khan, Shariq Mahmood; Arshad, Junaid; Khan, Muhammad Mubashir

doi:10.1002/cpe.7592

Cited by 14 publications

(24 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These techniques focus on monitoring and analyzing behavioral patterns related to file access, changes, and unusual network activities, all of which are indicative of potential ransomware activity [43], [44]. With the increasing sophistication of ransomware attacks, researchers have integrated machine learning algorithms into detection systems, aiming to enhance their accuracy and adaptability [2], [15]. Machine learning models are trained on vast datasets of known ransomware behavior, enabling them to identify subtle patterns and anomalies that might elude traditional detection methods [45], [20], [46].…”

Section: A Ransomware Detection Methodologiesmentioning

confidence: 99%

“…The occurrence of hallucinations and the variability in LLM performance in different scenarios highlight the limitations of AI in fully understanding the nuances of human communication and decision-making in complex situations [45], [1]. Human oversight in AI-driven ransomware negotiations can provide several benefits [10], [15]. It ensures that the responses and strategies generated by LLMs align with the organization's ethical standards and strategic goals [25], [66].…”

Section: A the Need For Human Oversightmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

Kumamoto,

Yoshida,

Fujima

2023

Preprint

View full text Add to dashboard Cite

This study presents a comprehensive analysis of the application of Large Language Models (LLMs), specifically ChatGPT and Claude, in the context of ransomware negotiation. Ransomware, an increasingly prevalent and sophisticated cyber threat, necessitates innovative response strategies. This study examines the capabilities of these LLMs in simulating human-like negotiation tactics against ransomware attacks, focusing on two main types: cryptographic and data exfiltration ransomware. Through a series of controlled simulations, the efficacy of ChatGPT and Claude in understanding complex language constructs, formulating negotiation strategies, and their adaptability to varying ransomware scenarios is evaluated. The research highlights the strengths of these models in response accuracy, adaptability, and psychological manipulation resistance. However, it also reveals their susceptibility to producing hallucinations — instances of unrealistic or inaccurate responses. The study contributes to the understanding of AI's potential in cybersecurity, emphasizing the need for improvements in AI reliability, ethical considerations, and the integration of human oversight. The findings suggest that while LLMs hold promising potential in enhancing cyber defense mechanisms, their deployment in high-stakes scenarios like ransomware negotiations must be approached with caution and continuous oversight.

show abstract

Section: A Ransomware Detection Methodologiesmentioning

confidence: 99%

Section: A the Need For Human Oversightmentioning

confidence: 99%

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

Kumamoto,

Yoshida,

Fujima

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Ransomware's impact on different operating systems has also been extensively studied. While initially focusing on Windows systems, there has been a noticeable shift towards targeting other operating systems, including Linux and macOS, a shift demonstrates ransomware developers' response to changing market shares and user behaviors [23]. Another critical feature studied is the ransom payment mechanism, from simple anonymous payments to complex cryptocurrency transactions, primarily Bitcoin, which is indicative of the cybercriminals' efforts to maintain anonymity and reduce traceability [24].…”

Section: Ransomware Feature Studiesmentioning

confidence: 99%

Ransomware Detection with Opcode Analysis and GAN-Based Unsupervised Learning

Zhong,

Kang

2024

Preprint

View full text Add to dashboard Cite

This study introduces an innovative approach to ransomware detection utilizing opcode analysis combined with Generative Adversarial Networks (GANs). Focusing on the dynamic nature of modern ransomware threats, the research develops a method that leverages unsupervised learning to detect both known and novel ransomware variants. The study begins by examining the evolution of ransomware, from its initial focus on Windows-based systems to the current sophisticated attacks on various platforms. It then explores the implementation of a GAN-based model, capable of discerning ransomware through complex opcode patterns. Experimental results demonstrate the model's effectiveness across several ransomware families, with high accuracy, precision, recall, and F1-scores. The research further delves into the implications of advanced ransomware detection techniques, challenges in adapting to evolving ransomware strategies, the integration of AI in cybersecurity, and future directions in ransomware mitigation. This paper contributes significantly to the field of cybersecurity by providing an advanced, adaptable, and efficient tool for ransomware detection, marking a step forward in combating the increasing ransomware threat.

show abstract

“…Ransomware prevention encompasses an array of solutions, both technical and policy-oriented [11], [2], [8]. Technically, the development of endpoint security solutions, which integrate state-of-the-art threat prevention capabilities, play an instrumental role in thwarting the execution of ransomware attacks [9], [20], [36]. These solutions are adept at identifying and neutralizing potential threats before they can inflict damage [5], [10], [27].…”

Section: B Ransomware Preventionmentioning

confidence: 99%

“…This alarming trend underscores a shift in the mode of operation of ransomware attacks, evolving from mere nuisances to significant threats capable of crippling entire organizational operations [7], [8]. The impact of these attacks has been profound, with businesses and institutions facing not just financial losses due to the ransom payments but also significant operational disruptions and potential breaches of sensitive data [9], [1]. As such, the rise of ransomware represents a critical concern in cybersecurity, demanding rigorous and innovative defensive strategies to safeguard digital assets and maintain the integrity of computer systems [4].…”

Section: Introductionmentioning

confidence: 99%

NTFS+: An Enhanced NTFS File System Against Ransomware Invasions

Gu,

Kang

2023

Preprint

View full text Add to dashboard Cite

Ransomware poses a significant threat to digital security, evolving rapidly with sophisticated encryption and data exfiltration tactics. This study introduces NTFS+, an enhanced version of the New Technology File System (NTFS), designed to combat these emerging ransomware threats. NTFS+ integrates machine learning, specifically Generative Adversarial Networks, to detect abnormal file system activities indicative of ransomware attacks. The system's core architecture features minifilter drivers that analyze file access patterns in real-time, enabling proactive response to potential threats. Evaluation of NTFS+ demonstrates its efficacy in accurately distinguishing between benign and ransomware activities, with a focus on minimizing false positives and negatives. Despite its effectiveness, challenges such as zero-day ransomware attacks highlight areas for future improvement, including enhanced learning capabilities and cloud integration. NTFS+ represents a significant advancement in file system-based ransomware mitigation, offering a scalable, adaptable, and robust solution for modern cybersecurity needs.

show abstract

Ransomware prevention using moving target defense based approach

Cited by 14 publications

References 24 publications

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

Evaluating Large Language Models in Ransomware Negotiation: A Comparative Analysis of ChatGPT and Claude

Ransomware Detection with Opcode Analysis and GAN-Based Unsupervised Learning

NTFS+: An Enhanced NTFS File System Against Ransomware Invasions

Contact Info

Product

Resources

About