2019
DOI: 10.1016/j.compeleceng.2019.03.012

Ransomware detection and mitigation using software-defined networking: The case of WannaCry

Abstract: Modern ransomware families implement sophisticated encryption and propagation schemes, reducing the chances of recovering the data to almost zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threats. We present our ransomware analysis results and the SDN-based security framework we developed. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop …

Cited by 77 publications (55 citation statements); references 18 publications.

Citation statements:
“…Since the Software Defined Networking (SDN) solutions are now a de-facto standard, the presence of a controller with a networkwide view can be a promising feature for blocking the malicious network traffic. Several research attempts have already been made to investigate this topic: for instance, the authors of [196] presented an SDN system which dynamically modifies the network structure when malware activity is discovered, and there are also a few studies focused on the ransomware [197], [198], [199], botnets [200] as well as zero-day attacks [201] detection. However, much more research is needed.…”
Section: Attack Trends and Research Directions (citation type: mentioning; confidence: 99%)
“…When it comes to ransomware with worm-spreading capabilities, researchers have studied two related families: WannaCry and ExPetr. For WannaCry [16], the suggestion is to use two applications. The first uses a dynamic IP blacklist to detect WannaCry's communication with its C&C, which prevents the victim's device from being encrypted.…”
Section: B. SDN-based Ransomware Detection (citation type: mentioning; confidence: 99%)
“…That is, [13]-[15] propose approaches to detect ransomware communications with the C&C, in order, for example, to prevent a victim's device from being encrypted. On the other hand, approaches proposed in [16], [17] attempt to detect ransomware's attempts to spread within a network. Our results of the BadRabbit ransomware analysis given later in Section IV indicate that a system infected with the BadRabbit ransomware does not make attempts to communicate with third parties, as it depends on generating an encryption key using Microsoft libraries and then encrypting this key with a public key in a form of behaviour similar to that of ExPetr [17].…”
Section: Problem Statement (citation type: mentioning; confidence: 99%)
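The two citation statements above describe two kinds of SDN controller applications: one that matches new flows against a dynamic IP blacklist of C&C addresses, and one that watches for a host trying to spread to its neighbours. The block below is an added example written for this page, not code from the paper or from any of the citing works, showing how both checks look as controller-side logic run over a list of flow records. All addresses, thresholds and flow records are constructed for the example, and the choice of TCP/445 (SMB) as the port the spread detector counts fan-out on is an assumption of the example, not something the page states.

```python
"""Added example (not from the paper): a minimal controller-side ransomware
detector with (1) a dynamic C&C IP blacklist and (2) an SMB fan-out counter
that quarantines a host contacting many distinct peers in a short window.
Addresses, thresholds, flow records and the SMB port are all constructed
assumptions for this example."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Verdict:
    host: str        # internal host the action targets
    reason: str
    action: str      # "drop-flow" or "quarantine-host"


class SdnRansomwareDetector:
    """Emulates what a controller application would do on each new-flow event."""

    def __init__(self, blacklist: Iterable[str], smb_port: int = 445,
                 fanout_threshold: int = 10, window: float = 5.0) -> None:
        self.blacklist: Set[str] = set(blacklist)   # mutable at runtime, hence "dynamic"
        self.smb_port = smb_port
        self.threshold = fanout_threshold
        self.window = window
        self._smb_peers: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
        self.quarantined: Set[str] = set()

    def add_to_blacklist(self, ip: str) -> None:
        """Threat-intel feed or analyst pushes a new C&C address."""
        self.blacklist.add(ip)

    def handle(self, flow: Flow) -> Optional[Verdict]:
        # A quarantined host gets every further new flow dropped.
        if flow.src in self.quarantined:
            return Verdict(flow.src, "host quarantined", "drop-flow")
        # Application 1: block contact with known C&C addresses.
        if flow.dst in self.blacklist:
            return Verdict(flow.src, f"contact with blacklisted {flow.dst}", "drop-flow")
        # Application 2: count distinct SMB peers per source inside a sliding window.
        if flow.proto == "tcp" and flow.dport == self.smb_port:
            cutoff = flow.ts - self.window
            recent = [(t, d) for t, d in self._smb_peers[flow.src] if t >= cutoff]
            recent.append((flow.ts, flow.dst))
            self._smb_peers[flow.src] = recent
            distinct = {d for _, d in recent}
            if len(distinct) >= self.threshold:
                self.quarantined.add(flow.src)
                return Verdict(flow.src,
                               f"{len(distinct)} distinct SMB peers within {self.window:g}s",
                               "quarantine-host")
        return None


def process(flows: Iterable[Flow], detector: SdnRansomwareDetector) -> List[Verdict]:
    """Feed flows to the detector in order and collect the non-empty verdicts."""
    return [v for v in (detector.handle(f) for f in flows) if v is not None]


def demo() -> List[Verdict]:
    """Constructed flow records: benign web traffic, one C&C beacon, one SMB sweep."""
    det = SdnRansomwareDetector(blacklist=["203.0.113.7"], fanout_threshold=10, window=5.0)
    flows = [Flow(0.0, "10.0.0.2", "10.0.0.3", 80),        # benign, no verdict
             Flow(0.5, "10.0.0.5", "203.0.113.7", 443)]    # beacon to blacklisted C&C
    # 10.0.0.9 sweeps 10.0.0.10 .. 10.0.0.21 on 445, 0.2 s apart
    flows += [Flow(1.0 + 0.2 * i, "10.0.0.9", f"10.0.0.{10 + i}", 445) for i in range(12)]
    flows.append(Flow(4.0, "10.0.0.9", "10.0.0.3", 80))     # dropped: host is quarantined
    return process(flows, det)


if __name__ == "__main__":
    for v in demo():
        print(f"{v.action:16} {v.host:10} {v.reason}")
```

Running it yields one drop-flow verdict for the beaconing host, a quarantine verdict for 10.0.0.9 on its tenth distinct SMB peer, and drop-flow verdicts for everything that host sends afterwards. The sliding window matters in practice: a file server legitimately talks SMB to many clients over an hour, so the threshold is on distinct peers per short window, not on lifetime count.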
“…Currently, the popular use of machine learning in many sectors has inspired malware researchers to use the approach as a ransomware detection system that helps to increase detection rates [5]. Furthermore, the increase in attacks from new ransomware families shows that attackers are improving themselves with numerous cunning and sophisticated features such as encryption mechanisms or worm propagation [6]. Hence, the motivation of this research is to study the anomalous behaviour of ransomware and analyze the behaviour based on ransomware's distinct features.…”
Section: Ransomware At a Glance (citation type: mentioning; confidence: 99%)