Analysing Indicator of Compromises for Ransomware: Leveraging IOCs with Machine Learning Techniques

Verma, Mayank; Kumarguru, Ponnurangam; Deb, Shuva Brata; Gupta, A.

doi:10.1109/isi.2018.8587409

Cited by 11 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although these indicators proved useful for analysing the behaviour of particular malware variants, they failed to generate IOCs associated with ICSs. Likewise, Verma et al [148] applied ML techniques to detect ransomware behaviours in the Cuckoo sandbox. The study focused on IOCs, which are used to set the base for analysing and classifying new ransomware based on their behaviour.…”

Section: Machine Learning and Deep Learning Techniquesmentioning

confidence: 99%

Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective

Asiri

Saxena

Gjomemo

et al. 2023

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally we highlight the lessons to be learnt from the literature and the future problems in the domain along with the approaches that might be taken.

show abstract

Section: Machine Learning and Deep Learning Techniquesmentioning

confidence: 99%

Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective

Asiri

Saxena

Gjomemo

et al. 2023

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

show abstract

“…They have utilized behavior logs from analysis reports created by Cuckoo sandbox under several situations of ordinary and malware interactions. likewise, Verma et al [27] focused on the indicators of compromises (IOCs) for ransomware using Cuckoo sandbox. Which will be used to set the base for analyzing and classifying new ransomware based on their behavior.…”

Section: Categorizing Ransomware Characteristicsmentioning

confidence: 99%

“…Verma et al [27], 2018 Implemented an automated system using supervised machine learning classifiers to classify the ransomware samples.…”

mentioning

confidence: 99%

Ransomware Prevention and Mitigation Techniques

Alshaikh¹,

Ramadan²,

Ahmed³

2020

IJCA

View full text Add to dashboard Cite

Ransomware is a malware family that using security techniques such as cryptography to hijacking user files and associated resources and requests cryptocurrency in exchange for the locked data. There is no limit to who can be targeted by ransomware since it can be transmitted over the internet. Like traditional malware, ransomware may enter the system utilizing "social engineering, malware advertising, spam emails, take advantage of vulnerabilities, drive-by downloads or through open ports or by utilizing back doors". But in contrast to traditional malware, even after removal, ransomware influence is irreparable and tough to alleviate its impact without its creator assistance. This kind of attack has a straightforward financial implication, which is fueled by encryption technology, cyber currency. Therefore, ransomware has turned into a profitable business that has obtained rising popularity between attackers. As stated by "Cybersecurity Ventures", ransomware is the quickest increasing type of cybercrime. Since, global ransomware wastage expense is predicted to hit $20 billion in 2021, up from just $325 million in 2015 which, is 57X extra in 2021. In this paper, a brief of the recent research in the prevention of ransomware attacks and the best practices to mitigate the attack impact is presented. General TermsRansomware prevention technique, ransomware mitigation technique, signature-based, behavior-based.

show abstract

“…A turning point in this process is the use of Indicators of Compromise (IOCs) that support the security decision-making process [21]. IOCs include malware signature IDs, malicious IP addresses, malicious checksum (MD5) malware, and malicious URLs or domain names of Botnets, as well as patch fixes, good practices in control measures, access control policies or removing unnecessary services, and modifying firewall settings [22] [23] [24]. In other words, this is a huge repository of knowledge with proven defense techniques, which are strengthened daily by adding updates.…”

Section: Introductionmentioning

confidence: 99%