Machine Learning for Detecting the WestRock Ransomware Attack Using BGP Routing Records

Li, Zhida; Rios, Ana Laura Gonzalez; Trajković, Ljiljana

doi:10.1109/mcom.001.2200215

Cited by 11 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it is crucial to recognise that the encryption of packets may hinder the effectiveness of this approach. Li et al [119] identify anomalies in the Border Gateway Protocol (BGP) logs obtained during the WestRock ransomware attack, signalling the presence of ransomware activity. BGP is a path-vector routing protocol crucial for determining optimal routes for data packets between different networks.…”

Section: B: Network Featuresmentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Ransomware attacks are on the rise in terms of both frequency and impact. The shift to remote work due to the COVID-19 pandemic has led more people to work online, prompting companies to adapt quickly. Unfortunately, this increased online activity has provided cybercriminals numerous opportunities to carry out devastating attacks. One recent method employed by malicious actors involves infecting corporate networks with ransomware to extract millions of dollars in profits. Ransomware falls into the category of malware. It works by encrypting sensitive data and demanding payments from victims to receive the encryption keys necessary for decrypting their data. The prevalence of this type of attack has prompted governments and organisations worldwide to intensify their efforts to combat ransomware. In response, the research community has also focused on ransomware detection, leveraging technologies such as machine learning. Despite this increased attention, practical solutions for real-world applications remain scarce in the existing literature. Numerous surveys have explored literature within the domain. Still, there is a notable lack of emphasis on the design of ransomware detection systems and the practical aspects of detection, including real-time and early detection. Against this backdrop, our review delves into the existing literature on ransomware detection, specifically examining the machine-learning techniques, detection approaches, and designs employed. Finally, we highlight the limitations of prior studies and propose future research directions in this crucial area.

show abstract

Section: B: Network Featuresmentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In order to improve the performance of their model, a transfer learning mechanism was employed. In their dissertation, Li et al [83] proposed new algorithms, based on Broad Learning System, both with and without incremental learning, to classify ransomware and other types of attacks. The authors used a number of machine learning models to detect the malicious behavior of network users.…”

Section: C: Other Platformsmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

The proliferation of ransomware has become a significant threat to cybersecurity in recent years, causing significant financial, reputational, and operational damage to individuals and organizations. This paper aims to provide a comprehensive overview of the evolution of ransomware, its taxonomy, and its state-of-the-art research contributions. We begin by tracing the origins of ransomware and its evolution over time, highlighting the key milestones and major trends. Next, we propose a taxonomy of ransomware that categorizes different types of ransomware based on their characteristics and behavior. Subsequently, we review the existing research over several years in regard to detection, prevention, mitigation, and prediction techniques. Our extensive analysis, based on more than 150 references, has revealed that significant research, specifically 72.8%, has focused on detecting ransomware. However, a lack of emphasis has been placed on predicting ransomware. Additionally, of the studies focused on ransomware detection, a significant portion, 70%, have utilized machine learning methods. We further discuss the challenges found such as the ones related to obtaining ransomware datasets. In addition, our study uncovers a range of shortcomings in research pertaining to real-time protection and identifying zero-day ransomware. Adversarial machine learning exploitation has been identified as an under-researched area in the field. This survey is a constructive roadmap for researchers interested in ransomware research matters.

show abstract

“…Advanced ransomware variants are capable of manipulating file metadata in such a way that they masquerade as benign entities, effectively bypassing traditional static analysis [39,54]. This obfuscation can take various forms, including the strategic alteration of file extensions, the adjustment of file sizes to common document formats, and the manipulation of entropy levels to mimic non-encrypted files [52,55]. It has been observed that even when machine learning is applied to the analysis of metadata, there is a significant challenge in adapting to the continuous evolution of ransomware [9,29].…”

Section: File Metadata Analysismentioning

confidence: 99%

“…Despite this, the challenge of interpreting such data at a high level remains formidable [2,25,41]. Ransomware, with its ever-increasing sophistication, has been known to employ a variety of obfuscation techniques to cloak its activity, thereby eluding detection methods that are reliant on system call patterns [29,54,55].…”

Section: System Call Analysismentioning

confidence: 99%

“…The prevalent emphasis on local file interactions also presents a limitation, as it neglects the increasing prevalence of cloud storage services-a domain where ransomware can execute encryption remotely, away from the prying eyes of local monitoring tools [34,61,81]. Another critical challenge lies in distinguishing between the encryption activities of ransomware and those of legitimate encryption utilities, which can exhibit similar file manipulation behaviors [41,51,55].…”

Section: File Activity Monitoringmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Kang,

2023

Preprint

View full text Add to dashboard Cite

The proliferation of ransomware poses a significant threat to global cybersecurity. This study presents a comprehensive review of the methodologies employed in the detection and analysis of ransomware, emphasizing the dichotomy between static and dynamic analysis approaches. It introduces the historical context and the necessity for robust cybersecurity measures, followed by an outline of the methodological framework used to evaluate existing ransomware analysis techniques. The results detail the effectiveness and limitations of various analysis strategies, identifying key features and patterns that aid in the detection and classification of ransomware threats. The study concludes by summarizing the primary achievements, including the identification of gaps in current research and proposing future research directions aimed at enhancing ransomware detection and mitigation strategies. The synthesis provided in this survey offers a consolidated view of the state-of-the-art in ransomware threat analysis and serves as a resource for cybersecurity professionals and researchers.

show abstract

Machine Learning for Detecting the WestRock Ransomware Attack Using BGP Routing Records

Cited by 11 publications

References 9 publications

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Contact Info

Product

Resources

About