A Behaviour based Ransomware Detection using Neural Network Models

Ketzaki, Eleni; Toupas, Petros; Giannoutakis, Konstantinos M.; Drosou, Anastasios; Tzovaras, Dimitrios

doi:10.1109/acit49673.2020.9208974

Cited by 5 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yet, as cyber defenses continued to advance, particularly with the enhancement of backup and recovery solutions, the potency of ransomware relying solely on encryption began to decline [8,9]. This led to a notable transition in the ransomware landscape, where recent trends have witnessed a pivot towards ransomware strategies that prioritize data exfiltration [10,11]. This new breed of ransomware, exemplified by groups like Royal and Ragnar Locker, has adopted a dual-threat approach that combines the conventional method of encryption with the additional threat of exposing stolen data [5,12].…”

Section: Ransomware Evolution and Trendsmentioning

confidence: 99%

See 1 more Smart Citation

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

This research looks into the evolving dynamics of ransomware, shifting from conventional encryption-based attacks to sophisticated data exfiltration strategies. Employing the Bidirectional Encoder Representations from Transformers (BERT) model, the study analyzes network traffic patterns to detect ransomware activities, offering new insights into their covert operations. The findings emphasize the need for advanced AI tools in cybersecurity, highlighting the significance of adapting and innovating defense strategies to counter the changing landscape of ransomware threats. The study contributes to a deeper understanding of ransomware evolution and underscores the importance of integrating AI in cybersecurity practices.

show abstract

Section: Ransomware Evolution and Trendsmentioning

confidence: 99%

“…Contemporary ransomware groups, moving beyond the sole reliance on file encryption, are progressively focusing on data exfiltration [8,9]. This progression has been recognized as a significant transformation in the threat landscape posed by ransomware [10,11].…”

Section: Introductionmentioning

confidence: 99%

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…This model identifies malicious processes with an accuracy of 84%. Also, [44] proposed a prediction model based on a NN. The NN classifier was trained using data about disk space, CPU and memory usage, file read, write, create, and delete.…”

Section: ) Defenses At the Execution Stagementioning

confidence: 99%

Crypto-Ransomware Detection and Prevention Techniques and Tools A Survey

Alshaikh,

Ahmed,

Ramadan

2023

IJCDS

View full text Add to dashboard Cite

Crypto-ransomware is among the extremely prevalent malware cyberattacks worldwide. it is typically spread using phishing emails and compromised websites, where crypto-ransomware is downloaded stealthily after luring users to click on malicious links. Additionally, attackers may take advantage of available vulnerabilities in software installed on the victim's device or use a zero-day vulnerability in the operating system. Crypto-ransomware employs encryption techniques against users' data and resources, rendering them inaccessible and demanding a cryptocurrency ransom for decryption. Crypto-ransomware attacks have witnessed massive growth within the past few years, resulting in massive financial loss across the globe. Different detection and prevention techniques have been proposed to overcome crypto-ransomware attacks, and many tools have been implemented. In this work the authors present a summary of the most recently used techniques and tools, highlighting different employed strategies that address crypto-ransomware attacks in the different stages of the attack chain.

show abstract

“…This solution was evaluated on 582 ransomware and 942 benign applications and it showed its effectiveness to detect ransomware compared with other methods. Ketzaki et al [20] proposed a detection procedure based on neural network methodologies to detect ransomware. The used features by the neural network model are extracted from monitoring in real-time the CPU, the memory, the disk space, the rate of reads and writes, the number of changed, created and deleted files.…”

mentioning

confidence: 99%

“…However, our idea to detect the ransomware using the ransom files can also be combined with monitoring the per-thread file system traversal suggested in [21]. Within Machine Learning, the ransom files can be used as a monitored feature in [20] like rate of reads/writes and the number of changed, created and deleted files. Related to monitoring the API Crypto or decoy files, a created ransom file by a specified process can confirm that this process is a ransomware if also uses the API Crypto.…”

mentioning

confidence: 99%

In-Depth Analysis of Ransom Note Files

Lanet

Souidi

2021

Computers

View full text Add to dashboard Cite

During recent years, many papers have been published on ransomware, but to the best of our knowledge, no previous academic studies have been conducted on ransom note files. In this paper, we present the results of a depth study on filenames and the content of ransom files. We propose a prototype to identify the ransom files. Then we explore how the filenames and the content of these files can minimize the risk of ransomware encryption of some specified ransomware or increase the effectiveness of some ransomware detection tools. To achieve these objectives, two approaches are discussed in this paper. The first uses Latent Semantic Analysis (LSA) to check similarities between the contents of files. The second uses some Machine Learning models to classify the filenames into two classes—ransom filenames and benign filenames.

show abstract

A Behaviour based Ransomware Detection using Neural Network Models

Cited by 5 publications

References 16 publications

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Crypto-Ransomware Detection and Prevention Techniques and Tools A Survey

In-Depth Analysis of Ransom Note Files

Contact Info

Product

Resources

About