Top

The Journal of Supercomputing

Published in:

25-07-2016

CloudRPS: a cloud analysis based enhanced ransomware prevention system

Authors: Jeong Kyu Lee, Seo Yeon Moon, Jong Hyuk Park

Published in: The Journal of Supercomputing | Issue 7/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recently, indiscriminate ransomware attacks targeting a wide range of victims for monetary gains have become a worldwide social issue. In the early years, ransomware has used e-mails as attack method. The most common spreading method was through spam mail or harmful websites. In addition, social networking sites or smartphone messages are used. Ransomware can encrypt the user’s files and issues a warning message to the user and requests payment through bitcoin, which is a virtual currency that is hard to trace. It is possible to analyze ransomware but this has its limitations as new ransomware is being continuously created and disseminated. In this paper, we propose an enhanced ransomware prevention system based on abnormal behavior analysis and detection in cloud analysis system—CloudRPS. This proposed system can defend against ransomware through more in-depth prevention. It can monitors the network, file, and server in real time. Furthermore, it installs a cloud system to collect and analyze various information from the device and log information to defend against attacks. Finally, the goal of the system is to minimize the possibility of the early intrusion. And it can detect the attack quickly more to prevent at the user’s system in case of the ransomware compromises.

previous article A network attack forensic platform against HTTP evasive behavior

next article A secret push messaging service in VANET clouds

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Jang-Jaccard J, Nepal S (2014) A survey of emerging threats in cybersecurity. J Comput Syst Sci 80(5):973–993MathSciNetCrossRefMATH

Furnell S, Emm D, Papadaki M (2015) The challenge of measuring cyber-dependent crimes. Comput Fraud Secur 2015(10):5–12CrossRef

Jingle IDJ, Rajsingh EB (2014) ColShield: an effective and collaborative protection shield for the detection and prevention of collaborative flooding of DDoS attacks in wireless mesh networks. Hum. Centric Comput. Inf. Sci. 4(1) 1–19

Feng L, Liao X, Han Q, Li H (2013) Dynamical analysis and control strategies on malware propagation model. Appl Math Model 37(16–17):8225–8236MathSciNetCrossRef

Symantec (2014) Internet security threat report. http://www.symantec.com/security_response/publications/threatreport.jsp

Andronio N, Zanero S, Maggi F (2015) HELDROID: dissecting and detecting mobile ransomware, RAID 2015, LNCS 9404, pp 382–404

Everett C (2016) Ransomware: to pay or not to pay? Comput Fraud Secur 2016(4):8–12CrossRef

Elsevier Network security (2016) Ransomware expands, attacks hospitals and local authorities, and moves to new platforms. 2016(3):1–2. Editied by Steve Mansfield-Devine, Publishing Director: Bethan Keall. http://www.sciencedirect.com/science/article/pii/S1353485816300228

Nath HV, Mehtre BM (2014) Static Malware analysis using machine learning methods. Second International Conference SNDS 2014 Proceedings, Communications in Computer and Information Science, vol 420, pp 440–450

10.

Cisco (2015) Ransomware on steroids: Crytowall 2.0. http://www.blogs.cisco.com/security/talos/crptowall-2

11.

Threatpost (2013) Researchers uncover affiliate network for ransomware, by Tom Spring. https://www.threatpost.com/researchers-uncover-affiliate-network-for-ransomware/118452/

12.

Journal Network Security (2015) Ransomware defeated but new forms emerge. 2015(11). Editied by Steve Mansfield-Devine, Sarah Gordon, Publishing Director: Deborah Logan. http://www.dl.acm.org/citation.cfm?id=2850884

13.

Narudin FA, Feizollah A, Anuar NB, Gani A (2014) Evaluation of machine learning classifiers for mobile malware detection. Soft Comput Methodol Appl 20(1):343–357CrossRef

14.

Gazet A (2010) Comparative analysis of various ransomware virii. J Comput Virol 6(1):77–90CrossRef

15.

Microsoft. File system minifilter drivers. https://www.msdn.microsoft.com/enus/library/windows/hardware/ff540402%28v=vs.85%29.aspx,2014

16.

Spagnuolo M, Maggi F, Zanero S (2014) BitIodine: extracting intelligence from the bitcoin network. Financial cryptography and data security (FC 2014), LNCS, vol 8437, pp 452–463

17.

Xing X, Meng W, Lee B, Weinsberg U, Sheth A, Perdisci R, Lee W (2015) Understanding malvertising through Ad-injecting browser extensions. WWW ’15 Proceedings of the 24th International Conference on World Wide Web, pp 1286–1295

18.

Sood AK, Enbody RJ (2011) Malvertising—exploiting web advertising. Comput Fraud Secur 2011(4):11–16CrossRef

19.

Symantec (2013) Massive malvertising campaign leads to browser-locking ransomware. http://www.symantec.com/connect/blogs/massive-malvertising-campaign-leads-browser-locking-ransomware

20.

Malware don’t need Coffee (2015) Guess who’s back again? Cryptowall3.0. http://www.malware.dontneedcoffee.com/2015/01/guess-whos-back-again-cryptowall-30.html

21.

Cabaj K, Gawkowski P, Grochowski K, Osojca D (2015) Network activity analysis of CryptoWall ransomware. PRZEGLAD ELEKTROTECHNICZNY 2015(15):201–204

22.

Dell secureworks (2014) Cryptolocker ransomware. http://www.secureworks.com/cyber-threatintelligence/threats/cryptolocker-ransomware/

23.

Mansfield-Devine S (2014) Tor under attack. Comput Fraud Secur 2014(8):15–18CrossRef

24.

Cisco (2015) Threat spotlight: TeslaCrypt—decrypt it yourself. http://www.blogs.cisco.com/security/talos/teslacryptj

25.

RanCERT (2015) https://www.rancert.com/bbs/bbs.phpmode=view&id=18&bbs_id=case&page=2&part=&keyword=

26.

EnigmaSoftware (2016) locky File extension’ ransomware. http://www.enigmasoftware.com/lockyfileextensionransomwareremoval/

27.

Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the Gordian knot: a look under the hood of ransomware attacks. Detection of Intrusions and Malware, and Vulnerability Assessment(DIMVA): 12th International Conference, pp 3–24

28.

Yang T, Yang Y, Qian K, Lo DCT, Qian Y, Tao L (2015) Automated Detection and Analysis for Android Ransomware. In: HPCC-CSS-ICESS ’15 Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems. IEEE Computer Society Washington, DC, USA, pp 1338–1343

29.

Ahmadian MM, Shahriari HR, Ghaffarian SM (2015) Connection-monitor & connection-breaker: a novel approach for prevention and detection of high survivable Ransomware. In: 12th International ISC Conference on Information Security and Cryptology (ISCISC 2015), pp 79–84

30.

Gazet A (2010) Comparative analysis of various ransomware virii. J Comput Virol 6(1):77–90CrossRef

31.

Mercaldo F, Nardone V, Santone A, Visaggio CA (2016) Ransomware steals your phone. Formal methods rescue it. In: Lecture Notes in Computer Science, vol 9688. pp 212–221

32.

Rasthofer S, Asrar I, Huber S, Bodden E (2015) How current android malware seeks to evade automated code analysis. 9th IFIP WG 11.2 International Conference, WISTP 2015, Heraklion, Crete, Greece, August 24–25, 2015. Proceedings, Information Security Theory and Practice, vol 9311, pp 187–202

Title: CloudRPS: a cloud analysis based enhanced ransomware prevention system
Authors: Jeong Kyu Lee
Seo Yeon Moon
Jong Hyuk Park
Publication date: 25-07-2016
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 7/2017
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-016-1825-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 7/2017

Big data pre-processing methods with vehicle driving data using MapReduce techniques

A multi-level behavior network-based dangerous situation recognition method in cloud computing environments

Dealing with structural changes on provisioning resources for deadline-constrained workflow

Node connectivity analysis in cloud-assisted IoT environments

An efficient cloud storage system for tele-health services

Efficient cooperative relaying in flying ad hoc networks using fuzzy-bee colony optimization

Premium Partner