nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

24.05.2021 | Original Paper

A framework for supporting ransomware detection and prevention based on hybrid analysis

verfasst von: Francesco Mercaldo

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 3/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Ransomware is a very effective form of malware, which recently raised a lot of attention since an impressive number of workstations was affected. This malware is able to encrypt the files located in the infected machine and block the access to them. The attackers will restore the machine and files only after the payment of a certain amount of money, usually given in bitcoins. In this paper we discuss an hybrid framework, combining static and dynamic analysis, exploiting APIs to prevent and mitigate ransomware threats. The evaluation, considering 1000 legitimate and ransomware applications, demonstrates that the hybrid API calls-based detection can be proved to be a promising direction in ransomware prevention and mitigation.

Vorheriger Artikel The blockchain potential in computer virology: leveraging combinatorial techniques of k-ary codes

Nächster Artikel RV-TEE: secure cryptographic protocol execution based on runtime verification

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

https://www.nomoreransom.org.

http://wapo.st/2pKyXum?tid=ss_tw&utm_term=.6887a06778fa.

https://www.goo.gl/N7PAjh.

https://www.goo.gl/Gyrt1N.

Barbuti, R., De Francesco, N., Santone, A., Vaglini, G.: Reduced models for efficient ccs verification. Formal Methods Syst. Des. 26(3), 319–350 (2005)CrossRef

Boukhtouta, A., Lakhdari, N.E., Debbabi, M.: Inferring malware family through application protocol sequences signature. In: 2014 6th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5 (2014). https://doi.org/10.1109/NTMS.2014.6814026

Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Formal methods for prostate cancer gleason score and treatment prediction using radiomic biomarkers. Magn. Reson. Imaging 66, 165–175 (2019)CrossRef

Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Neural networks for lung cancer detection through radiomic features. In: 2019 International Joint Conference on Neural Networks (IJCNN), pp. 1–10. IEEE (2019)

Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: An ensemble learning approach for brain cancer detection exploiting radiomic features. Comput. Methods Programs Biomed. 185, 105134 (2020)CrossRef

Cabaj, K., Gregorczyk, M., Mazurczyk, W.: Software-defined networking-based crypto ransomware detection using http traffic characteristics. Comput. Electr. Eng. 66, 353–368 (2017)CrossRef

Canfora, G., Medvet, E., Mercaldo, F., Visaggio, C.A.: Detection of malicious web pages using system calls sequences. In: Teufel, S., Min, T.A., You, I., Weippl, E. (eds.) Availability, Reliability, and Security in Information Systems, pp. 226–238. Springer, Cham (2014)

Canfora, G., Mercaldo, F., Moriano, G., Visaggio, C.A.: Composition-malware: building android malware at run time. In: 2015 10th International Conference on Availability, Reliability and Security (ARES), pp. 318–326. IEEE (2015)

Canfora, G., Mercaldo, F., Pirozzi, A., Visaggio, C.A.: How i met your mother? In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications, pp. 310–317. SCITEPRESS-Science and Technology Publications, Lda (2016)

10.

Canfora G., Mercaldo F., Visaggio C.A.: Evaluating op–code frequency histograms in malware and third–party mobile applications. In: International Conference on E–Business and Telecommunications, pp 201–222. Springer (2015)

11.

Carrera, E., Erdélyi, G.: Digital genome mapping—advanced binary malware analysis (2004)

12.

Ceccarelli, M., Cerulo, L., Santone, A.: De novo reconstruction of gene regulatory networks from time series data, an approach based on formal methods. Methods 69(3), 298–305 (2014). https://doi.org/10.1016/j.ymeth.2014.06.005CrossRef

13.

Ceron, J.M., Margi, C.B., Granville, L.Z.: Mars: An sdn-based malware analysis solution. In: 2016 IEEE Symposium on Computers and Communication (ISCC), pp. 525–530 (2016). https://doi.org/10.1109/ISCC.2016.7543792

14.

Cimino, M.G., De Francesco, N., Mercaldo, F., Santone, A., Vaglini, G.: Model checking for malicious family detection and phylogenetic analysis in mobile environment. Comput. Secur. 90, 101691 (2020)CrossRef

15.

Cimitile, A., Martinelli, F., Mercaldo, F., Nardone, V., Santone, A.: Formal methods meet mobile code obfuscation identification of code reordering technique. In: 2017 IEEE 26th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 263–268. IEEE (2017)

16.

Cimitile, A., Martinelli, F., Mercaldo, F., Nardone, V., Santone, A., Vaglini, G.: Model checking for mobile android malware evolution. In: 2017 IEEE/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE), pp. 24–30. IEEE (2017)

17.

Cimitile, A., Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: Talos: no more ransomware victims with formal methods. Int. J. Inf. Secur. 17(6), 719–738 (2018)

18.

Ciobanu, M.G., Fasano, F., Martinelli, F., Mercaldo, F., Santone, A.: Model checking for data anomaly detection. Procedia Comput. Sci. 159, 1277–1286 (2019)CrossRef

19.

Fabio, M., Albina, O., Francecso, M., Vittoria, N., Santone, A., Arun, S.: Human behaviour characterization for driving style recognition in vehicle system (2018)

20.

Francesco, N.D., Lettieri, G., Santone, A., Vaglini, G.: Grease: a tool for efficient “nonequivalence” checking. ACM Trans. Softw. Eng. Methodol. 23(3), 24 (2014)CrossRef

21.

Huang, K., Ye, Y., Jiang, Q.: Ismcs: An intelligent instruction sequence based malware categorization system. In: 2009 3rd International Conference on Anti-counterfeiting, Security, and Identification in Communication, pp. 509–512 (2009). https://doi.org/10.1109/ICASID.2009.5276989

22.

Institute, I.: Evolution in the World of Cyber Crime. Technical Report, Infosec Institute (2016). http://resources.infosecinstitute.com/evolution-in-the-world-of-cyber-crime/#gref. Accessed 13 May 2021

23.

Kinable, J., Kostakis, O.: Malware classification based on call graph clustering. J. Comput. Virol. 7(4), 233–245 (2011)CrossRef

24.

Kirda, E.: Unveil: a large-scale, automated approach to detecting ransomware (keynote). In: 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), p. 1 (2017). https://doi.org/10.1109/SANER.2017.7884603

25.

Labs, M.: McAfee Labs Threats Report – December 2016. Technical Report, McAfee Labs (2016). https://www.mcafee.com/au/resources/reports/rp-quarterly-threats-dec-2016.pdf. Accessed 13 May 2021

26.

Liangboonprakong, C., Sornil, O.: Classification of malware families based on n-grams sequential pattern features. In: 2013 IEEE 8th Conference on Industrial Electronics and Applications (ICIEA), pp. 777–782 (2013). https://doi.org/10.1109/ICIEA.2013.6566472

27.

Martinelli, F., Mercaldo, F., Michailidou, C., Saracino, A.: Phylogenetic analysis for ransomware detection and classification into families. ICETE 2, 732–737 (2018)

28.

Martinelli, F., Mercaldo, F., Nardone, V., Santone, A.: Car hacking identification through fuzzy logic algorithms. In: 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), pp. 1–7. IEEE (2017)

29.

Mercaldo, F., Nardone, V., Santone, A., Visaggio, C.A.: Hey malware, I can find you! In: 2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 261–262. IEEE (2016)

30.

Pitolli, G., Aniello, L., Laurenza, G., Querzoni, L., Baldoni, R.: Malware family identification with birch clustering. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1–6 (2017). https://doi.org/10.1109/CCST.2017.8167802

31.

Provataki, A., Katos, V.: Differential malware forensics. Digit. Investig. 10(4), 311–322 (2013)CrossRef

32.

Rudman, L., Irwin, B.: Dridex: Analysis of the traffic and automatic generation of iocs. In: 2016 Information Security for South Africa (ISSA), pp. 77–84 (2016). https://doi.org/10.1109/ISSA.2016.7802932

33.

Sandbox, C.: Cuckoo Sandbox—Automated Malware Analysis. https://cuckoosandbox.org/ (2018). Accessed 06 Mar 2018

34.

Santone, A.: Automatic verification of concurrent systems using a formula-based compositional approach. Acta Inf. 38(8), 531–564 (2002)MathSciNetCrossRef

35.

Santone, A.: Clone detection through process algebras and java bytecode. In: IWSC, pp. 73–74. Citeseer (2011)

36.

Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312 (2016). https://doi.org/10.1109/ICDCS.2016.46

37.

Sgandurra, D., Muñoz-González, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection (2016). arXiv preprint arXiv:1609.03020

38.

Wagener, G., State, R., Dulaunoy, A.: Malware behaviour analysis. J. Comput. Virol. 4(4), 279–287 (2008). https://doi.org/10.1007/s11416-007-0074-9CrossRef

39.

Wehner, S.: Analyzing worms and network traffic using compression. J. Comput. Secur. 15(3), 303–320 (2007)CrossRef

40.

Zhong, Y., Yamaki, H., Yamaguchi, Y., Takakura, H.: Ariguma code analyzer: efficient variant detection by identifying common instruction sequences in malware families. In: 2013 IEEE 37th Annual Computer Software and Applications Conference, pp. 11–20 (2013). https://doi.org/10.1109/COMPSAC.2013.6

Titel: A framework for supporting ransomware detection and prevention based on hybrid analysis
verfasst von: Francesco Mercaldo
Publikationsdatum: 24.05.2021
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 3/2021
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-021-00388-w

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2021

A framework for formal analysis and simulative evaluation of security attacks in wireless sensor networks

The blockchain potential in computer virology: leveraging combinatorial techniques of k-ary codes

RV-TEE: secure cryptographic protocol execution based on runtime verification

Detection of crawler traps: formalization and implementation—defeating protection on internet and on the TOR network

Learning metamorphic malware signatures from samples

Editorial

Premium Partner