nach oben

Soft Computing

Erschienen in:

30.05.2018 | Focus

Ransomware detection method based on context-aware entropy analysis

verfasst von: Sangmoon Jung, Yoojae Won

Erschienen in: Soft Computing | Ausgabe 20/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Numerous countermeasures have been proposed since the first appearance of ransomware. However, many ransomware mutants continue to be created, and the damage they cause has been continually increasing. Existing antivirus tools are signature-dependent and cannot easily detect ransomware attack patterns. If the database used by the antivirus program does not contain the signature of the new malicious behavior, it is not possible to detect the new malware. Thus, the need has emerged for a normal/abnormal behavior analysis technique via a context-aware method. Therefore, a multilateral context-aware-based ransomware detection and response system model is presented in this paper. The proposed model is designed to preemptively respond to ransomware, and post-detection management is performed. An evaluation was conducted to obtain evidence that the given files were altered by ransomware through analyses based on multiple-context awareness. Entropy information was then used to detect abnormal behavior.

Vorheriger Artikel Reliable fault diagnosis of bearings with varying rotational speeds using envelope spectrum and convolution neural networks

Nächster Artikel Indoor positioning method using BITON and linear Kalman filter

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Hoe J (2011) Commercial antivirus software effectiveness: an empirical study. Computer 44:63–70. https://doi.org/10.1109/MC.2010.187 MathSciNetCrossRef

Joo JW (2015) Security considerations for a connected car. J Converg 6:1–9

Jung J-S (2014) An unified representation of context knowledge base for mobile context-aware system. J Inf Process Syst 10(4):581–588CrossRef

Kang WM (2017) An enhanced security framework for home appliances in smart home. Hum Cent Comput Inf Sci 7:6CrossRef

Kharraz A (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren M, Maggi F, Gulisano V (eds) Detection of intrusions and malware, and vulnerability assessment. Springer, Cham

Ki Y (2015) A novel approach to detect malware based on API call sequence analysis. Int J Distrib Sens Netw 11:659101CrossRef

Kim W (2010) Design and implementation of the detection tool of API hooking based on Window XP Kernel. J Secur Eng 7:385–397

Le Guernic C (2017) Ransomware and the legacy crypto API. In: 11th international conference on risks and security of internet and systems, CRiSIS 2016, Roscoff, France, 5–7 Sept 2016, Revised Selected Papers 10158

Lee JK (2016) HB-DIPM: human behavior analysis-based malware detection and intrusion prevention model in the future Internet. J Inf Process Syst 12(3):489–501

Scaif N (2016) CryptoLock (and Drop It): stopping ransomware attacks on user data. In: 2016 IEEE 36th international conference on distributed computing systems (ICDCS), Nara, 2016, pp 303–312. https://doi.org/10.1109/ICDCS

Song S (2016) The effective ransomware prevention technique using process monitoring on android platform. Mob Inf Syst

Willems C (2007) Toward automated dynamic malware analysis using CWS and box. IEEE Secur Priv 5:32–39CrossRef

Youn J-M (2017) How to detect and block ransomware with file extension management in MacOS. J Korea Inst Inf Secur Cryptol 27(2):251–258CrossRef

Titel: Ransomware detection method based on context-aware entropy analysis
verfasst von: Sangmoon Jung
Yoojae Won
Publikationsdatum: 30.05.2018
Verlag: Springer Berlin Heidelberg
Erschienen in: Soft Computing / Ausgabe 20/2018
Print ISSN: 1432-7643
Elektronische ISSN: 1433-7479
DOI: https://doi.org/10.1007/s00500-018-3257-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 20/2018

An improved genetic algorithm encoded by adaptive degressive ary number

When does a generalized Boolean quasiring become a Boolean ring?

Feature selection for entity extraction from multiple biomedical corpora: A PSO-based approach

Identity-based undetachable digital signature for mobile agents in electronic commerce

Assessing content-based conformance between software R&D documents and design guidelines using relevance links

Non-white matter tissue extraction and deep convolutional neural network for Alzheimer’s disease detection

Premium Partner