Ransomware: Recent advances, analysis, challenges and future research directions

Beaman, Craig; Barkworth, Ashley; Akande, Toluwalope David; Hakak, Saqib; Khan, Muhammad Khurram

doi:10.1016/j.cose.2021.102490

Cited by 107 publications

(66 citation statements)

References 98 publications

(219 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This showed that people who were more confident in their ability to identify security threats were less worried about phishing attacks. 1 Principal Components Analysis is a technique to reduce a number of variables to the set which describes the data in the smallest possible number of variables with the least loss of information. It is a non-parametric analysis method.…”

Section: Resultsmentioning

confidence: 99%

Online Security Attack Experience and Worries of Young Adults in the United Kingdom

Aldaraani

Petrie

Shahandashti

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Online security issues continue to grow as a concern, amplified by the coronavirus pandemic. The current cohort of young people (aged 18 -30, "Generation Z") are the first to have grown up with digital technologies, but to what extent are they worried about online security attacks and what experience do they have of them? An online survey of 81 young UK participants investigated their experience with 12 scenarios presenting online security attacks, asked about their level of worry with 9 online security attacks and their knowledge of computer and online security, and their confidence in their ability to identity an attack. Experience with the online attacks ranged widely, from over 50% of participants experiencing spear phishing to attempt identity theft, to only 2.5% experiencing a spoofed website. A principal components analysis showed that worries clearly fell into two components: Theft Worry and Phishing Worry. Levels of worry on these two components could be predicted from the number of different online security attacks participants had experienced. These relationships may be useful for developing education and advice to encourage better online security behaviour.

show abstract

Section: Resultsmentioning

confidence: 99%

Online Security Attack Experience and Worries of Young Adults in the United Kingdom

Aldaraani

Petrie

Shahandashti

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

show abstract

“…Beama et al discussed the analysis of ransomware attacks based on the challenges, recent advances as well as future research directions [16]. The paper stated that static analysis is mostly evaded by code obfuscation techniques.…”

Section: State-of-the-art Studies On Ransomwarementioning

confidence: 99%

Ransomware Detection in Cyber Security Domain

Aslan

2022

Bitlis Eren Üniversitesi Fen Bilimleri Dergisi

View full text Add to dashboard Cite

In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.

show abstract

“…• We developed a thin and lightweight live-forensic hypervisor that collects low-level memory access patterns with mitigating advanced evasion techniques of malware that exploit OS vulnerabilities. • While many modern ransomware detection methods presented in literature use dynamic features obtained from an operating system layer [2] (e.g., sequences of API calls per process ID, file system operations), our system uses only low-level memory access patterns of physical address space obtained from a hypervisor layer. • Many researchers believe that Virtual Machine Introspection (VMI), in general, needs to bridge the semantic gap between OS and hypervisor [8].…”

Section: B Contributions Of This Papermentioning

confidence: 99%

“…Although anti-virus software vendors frequently update their signature database used to detect binary files of the variants, the signature-based static analysis detection fundamentally cannot cope with a large number of the variants. Beaman et al presented a literature review on recent state-of-the-art ransomware prevention and detection approaches [2]. They analyzed popular ransomware samples and developed their experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.…”

Section: Introductionmentioning

confidence: 99%

Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor

Hirano,

Kobayashi

2022

Preprint

View full text Add to dashboard Cite

Since modern anti-virus software mainly depends on a signature-based static analysis, they are not suitable for coping with the rapid increase in malware variants. Moreover, even worse, many vulnerabilities of operating systems enable attackers to evade such protection mechanisms. We, therefore, developed a thin and lightweight live-forensic hypervisor to create an additional protection layer under a conventional protection layer of operating systems with supporting ransomware detection using dynamic behavioral features. The developed live-forensic hypervisor collects low-level memory access patterns instead of highlevel information such as process IDs and API calls that modern Virtual Machine Introspection techniques have employed. We then created the low-level memory access patterns dataset of three ransomware samples, one wiper malware sample, and four benign applications. We confirmed that our best machine learning classifier using only low-level memory access patterns achieved an F1 score of 0.95 in detecting ransomware and wiper malware.

show abstract

Ransomware: Recent advances, analysis, challenges and future research directions

Cited by 107 publications

References 98 publications

Online Security Attack Experience and Worries of Young Adults in the United Kingdom

Online Security Attack Experience and Worries of Young Adults in the United Kingdom

Ransomware Detection in Cyber Security Domain

Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor

Contact Info

Product

Resources

About