Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Berrueta, Eduardo; Morató, D.; Magaña, Eduardo; Izal, Mikel

doi:10.1016/j.eswa.2022.118299

Cited by 33 publications

(20 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using Bi-ALSTM, the authors detect attack patterns before the network is compromised, achieving an impressive 99.97% detection rate. Berrueta et al [75] employ a similar strategy, monitoring the communication between clients and file servers using a network probe. This probe captures and analyses file-sharing traffic, including SMB and NFS traffic.…”

Section: ) Detection During Deliverymentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Ransomware attacks are on the rise in terms of both frequency and impact. The shift to remote work due to the COVID-19 pandemic has led more people to work online, prompting companies to adapt quickly. Unfortunately, this increased online activity has provided cybercriminals numerous opportunities to carry out devastating attacks. One recent method employed by malicious actors involves infecting corporate networks with ransomware to extract millions of dollars in profits. Ransomware falls into the category of malware. It works by encrypting sensitive data and demanding payments from victims to receive the encryption keys necessary for decrypting their data. The prevalence of this type of attack has prompted governments and organisations worldwide to intensify their efforts to combat ransomware. In response, the research community has also focused on ransomware detection, leveraging technologies such as machine learning. Despite this increased attention, practical solutions for real-world applications remain scarce in the existing literature. Numerous surveys have explored literature within the domain. Still, there is a notable lack of emphasis on the design of ransomware detection systems and the practical aspects of detection, including real-time and early detection. Against this backdrop, our review delves into the existing literature on ransomware detection, specifically examining the machine-learning techniques, detection approaches, and designs employed. Finally, we highlight the limitations of prior studies and propose future research directions in this crucial area.

show abstract

Section: ) Detection During Deliverymentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…There were two test systems used, one with a relatively low amount of sensor data accessible and the other with a comparatively significant amount. Berrueta et al [79] introduced a detection approach based on file-sharing traffic analysis that can detect and stop the crypto-ransomware activity. The latter uses machine learning techniques to monitor traffic between clients and file servers.…”

Section: C: Other Platformsmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

The proliferation of ransomware has become a significant threat to cybersecurity in recent years, causing significant financial, reputational, and operational damage to individuals and organizations. This paper aims to provide a comprehensive overview of the evolution of ransomware, its taxonomy, and its state-of-the-art research contributions. We begin by tracing the origins of ransomware and its evolution over time, highlighting the key milestones and major trends. Next, we propose a taxonomy of ransomware that categorizes different types of ransomware based on their characteristics and behavior. Subsequently, we review the existing research over several years in regard to detection, prevention, mitigation, and prediction techniques. Our extensive analysis, based on more than 150 references, has revealed that significant research, specifically 72.8%, has focused on detecting ransomware. However, a lack of emphasis has been placed on predicting ransomware. Additionally, of the studies focused on ransomware detection, a significant portion, 70%, have utilized machine learning methods. We further discuss the challenges found such as the ones related to obtaining ransomware datasets. In addition, our study uncovers a range of shortcomings in research pertaining to real-time protection and identifying zero-day ransomware. Adversarial machine learning exploitation has been identified as an under-researched area in the field. This survey is a constructive roadmap for researchers interested in ransomware research matters.

show abstract

“…The dense and disordered nature of these ✻✵ traces often leads to a surge in computational overhead and a consequent depletion in the ✻✶ ability to accurately pinpoint and characterize malevolent activities [14,22]. This increase ✻✷ in resource consumption coupled with the challenge of accurately discerning the malicious ✻✸ from the benign has driven researchers and cybersecurity professionals to seek out more ✻✹ advanced and nuanced methods of detection and analysis [15,23,24]. As ransomware ✻✺ evolves, so too must the tools and techniques employed to detect it, underscoring the need ✻✻ for continuous innovation in the realm of cybersecurity [25,26].…”

Section: ✹✼mentioning

confidence: 99%

Enhancing Ransomware Detection: A Windows API Min Max Relevance Refinement Approach

Kang,

2023

Preprint

View full text Add to dashboard Cite

Ransomware constitutes a distinctive category of pernicious software that sequesters a user's digital assets by encryption, holding them hostage until a sum is extorted from the victim. These incursions have escalated to become among the most prevalent and significant threats confronting both individuals and corporate entities. In combatting this virulent program, dynamic analysis has been established as the favored detection modality. Such analyses typically hinge on Windows API calls, the conduits through which programs requisition services from the operating system. Yet, the superfluous and unrelated Windows API calls interjected by adversaries into the execution stream of suspect binaries precipitate an excessively noisy behavioral sequence, which impairs the performance of counter-ransomware mechanisms. The research outlined herein introduces a novel non-signature-based detection paradigm that harnesses efficacious Windows API call sequences through supervised machine learning strategies. An innovative Enhanced Min Max (EmRmR) filter technique is proposed, aiming to purge noisy features and isolate the most indicative feature subset that encapsulates the ransomware's true behavior. The EmRmR method, diverging from the traditional Min Max approach, circumvents the superfluous calculations that are a hallmark of the conventional algorithms, thereby necessitating a reduced number of evaluations. Additionally, a refinement procedure has been integrated to contract the program's call trace volume by discarding those Windows API calls lacking a robust correlation with ransomware's pivotal behavior. Subsequent to rigorous experimental analyses and juxtaposition with extant behavior-based detection methodologies, the proposed strategy has demonstrated its efficacy in differentiating ransomware behavior, delivering high detection precision alongside a diminution in false-positive occurrences.

show abstract

Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Cited by 33 publications

References 53 publications

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

Enhancing Ransomware Detection: A Windows API Min Max Relevance Refinement Approach

Contact Info

Product

Resources

About