16 results found in total; search took 15 ms.
1.
    
This research presents a novel framework comprising the IPS gateway, analysis system, and honeypot for identifying and detecting ransomware based on the client honeypot concept, and active interception of downloads using Suricata inline intruder prevention system. Unlike previous frameworks that report on the accuracy rate of detecting ransomware, the proposed framework features a multiple voting platform for the validation of confidence levels in the accuracy detection rates. The proposed framework achieves higher accuracy levels than other machine learning models for the detection of ransomware.
2.
    
The Internet of Things (IoT) has gained more popularity in research because of its large-scale challenges and implementation. But security was the main concern when witnessing the fast development in its applications and size. It was a dreary task to independently set security systems in every IoT gadget and upgrade them according to the newer threats. Additionally, machine learning (ML) techniques optimally use a colossal volume of data generated by IoT devices. Deep Learning (DL) related systems were modelled for attack detection in IoT. But the current security systems address restricted attacks and can utilize outdated datasets for evaluations. This study develops an Artificial Algae Optimization Algorithm with Optimal Deep Belief Network (AAA-ODBN) Enabled Ransomware Detection in an IoT environment. The presented AAA-ODBN technique mainly intends to recognize and categorize ransomware in the IoT environment. The presented AAA-ODBN technique follows a three-stage process: feature selection, classification, and parameter tuning. In the first stage, the AAA-ODBN technique uses the AAA-based feature selection (AAA-FS) technique to elect feature subsets. Secondly, the AAA-ODBN technique employs the DBN model for ransomware detection. At last, the dragonfly algorithm (DFA) is utilized for the hyperparameter tuning of the DBN technique. A sequence of simulations is implemented to demonstrate the improved performance of the AAA-ODBN algorithm. The experimental values indicate the significant outcome of the AAA-ODBN model over other models.
3.
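Taking hybrid-encryption ransomware as the research object, this work combines decoy files with file-operation monitoring to obtain the encryption key, encryption algorithm, ciphertext start field, ciphertext length and other related information used during the ransomware's file encryption process, and proposes a method for restoring the encrypted files. Ciphertext restoration tests were carried out on 8 popular ransomware families, and the test results show the effectiveness of the proposed restoration method. The ciphertext restoration method is applicable to restoring ciphertext produced by hybrid-encryption ransomware and is an effective complement to current ransomware defense strategies.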
4.
    
Ransomware is a menace to the vibrant digital ecosystem. The exponential growth in ransomware attacks, its detrimental impacts, and the ever-changing methods adopted by threat actor groups demand a focused understanding of the evolution of ransomware. This would help organizations devise novel defensive frameworks and security controls against modern ransomware. In this work, the impacts and evolution of ransomware through different phases up to its current form are detailed. Further, based on the study and analysis of the most prevalent modern ransomware variants, their most used tactics, techniques and procedures (TTPs) are identified as per the MITRE ATT&CK model. This acts as a platform to propose a generic attack model for “modern ransomware.” Building on the existing MITRE mitigation, D3FEND-based approaches and considering the resource and budget constraints of organizations, a simplified three-tier defensive model that is cost-effective and implementable is put forward. Thus, this work aims to open avenues for understanding the TTPs and attack methodology of “modern ransomware,” thereby developing feasible and implementable defensive security controls.
5.
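The rapid development of digital currencies has led to their use by more and more malware. Existing ransomware usually uses digital currency as its means of payment, while existing code injection attack detection methods do not take the related malicious features into account, which makes it difficult for them to detect the malicious behavior of ransomware effectively. To address this problem, a fine-grained memory feature scheme for code injection attack detection is proposed. Using the digital-currency memory features that ransomware exhibits while guiding the victim through payment, combined with several general fine-grained memory features, a fine-grained code injection attack detection system is implemented. Experimental results show that the new memory feature scheme effectively improves, on multiple metrics, the detection performance of the memory feature schemes of existing detection systems, and enables a host-based code injection attack detection system to detect ransomware behavior accurately; the system also shows good memory feature extraction performance and the ability to detect unknown malware families.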
6.
    
Malware is a malicious software program that performs multiple cyberattacks on the Internet, involving fraud, scams, nation-state cyberwar, and cybercrime. Such malicious software programs come under different classifications, namely Trojans, viruses, spyware, worms, ransomware, rootkits, botnet malware, etc. Ransomware is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users, and decrypting it only after the user pays a ransom of a sum of money. To prevent detection, various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine Learning (ML) algorithm. This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection (LBAAA-OMLMD) approach in Computer Networks. The presented LBAAA-OMLMD model mainly aims to detect and classify the existence of ransomware and goodware in the network. To accomplish this, the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection (LBAAA-FS) model to reduce the curse of dimensionality problems. Besides, the Flower Pollination Algorithm (FPA) with Echo State Network (ESN) Classification model is applied. The FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier results. The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset, and the outcomes are inspected in distinct measures. The comprehensive comparative examination demonstrated the betterment of the LBAAA-OMLMD model over recent algorithms.
7.
File entropy is one of the major indicators of crypto-ransomware because the encryption by ransomware increases the randomness of file contents. However, entropy-based ransomware detection has certain limitations; for example, when distinguishing ransomware-encrypted files from normal files with inherently high-level entropy, misclassification is very possible. In addition, the entropy evaluation cost for an entire file renders entropy-based detection impractical for large files. In this paper, we propose two indicators based on byte frequency for use in ransomware detection; these are termed EntropySA and DistSA, and both consider the interesting characteristics of certain file subareas termed "sample areas" (SAs). For an encrypted file, both the sampled area and the whole file exhibit high-level randomness, but for a plain file, the sampled area embeds informative structures such as a file header and thus exhibits relatively low-level randomness even though the entire file exhibits high-level randomness. EntropySA and DistSA use "byte frequency" and a variation of byte frequency, respectively, derived from sampled areas. Both indicators cause less overhead than other entropy-based detection methods, as experimentally proven using realistic ransomware samples. To evaluate the effectiveness and feasibility of our indicators, we also employ three expensive but elaborate classification models (neural network, support vector machine and threshold-based approaches). Using these models, our experimental indicators yielded an average F1-measure of 0.994 and an average detection rate of 99.46% for file encryption attacks by realistic ransomware samples.
8.
    
In recent years, as the popularity of anonymous currencies such as Bitcoin has made the tracking of ransomware attackers more difficult, the number of ransomware attacks against personal computers and enterprise production servers is increasing rapidly. The ransomware has a wide range of influence and spreads all over the world. It is affecting many industries including internet, education, medical care, traditional industry, etc. This paper uses the idea of virus immunity to design an immunization solution for ransomware viruses to solve the problems of traditional ransomware defense methods (such as anti-virus software, firewalls, etc.), which cannot meet the requirements of rapid detection and immediate prevention of new outbreak attacks. Our scheme includes two parts: server and client. The server provides an immune configuration file and configuration file management functions, including a configuration file module, a cryptography algorithm module, and a display module. The client obtains the immunization configuration file from the server in real time, and performs the corresponding operations according to the configuration file to make the computer have an immune function for a specific ransomware, including an update module, a configuration file module, a cryptography algorithm module, a control module, and a log module. This scheme controls mutexes, services, files and registries respectively, to destroy the triggering conditions of the virus and finally achieve the purpose of immunizing a computer from a specific ransomware.
9.
    
Over the past decade, there has been a rapidly rising trend of malware (ransomware) that limits user access by encrypting the data and demanding the ransom against the decryption key. In most cases, such encryption may lead to a permanent data loss. In order to prevent this unwanted encryption, we propose a method based on Moving Target Defense (MTD) approach. Our method is based on the alteration of the attack surface to reduce the attack success ratio. We have used multiple layers of MTD. The first layer generates random extensions that hide the existing known file extensions. This will protect user files against those ransomware variants which encrypt files having some specific extensions. Our second layer of protection uses event-based MTD in which tasks are scheduled to change file extensions at the occurrence of specific events which mostly occur due to the execution of ransomware in the system. As a result of our proposed method, we have successfully protected user files against well-known ransomware variants such as WannaCry, Cerber, Locky, Tesla, Revil, Bitlocker, Darkside, Ranzy.
10.
    
The number of ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from the other types of malware to protect users' machines from ransomware‐based attacks. Ransomware is similar to other types of malware in some aspects, but other characteristics are clearly different. For example, ransomware generally conducts a large number of file‐related operations in a short period of time to lock or to encrypt files of a victim's machine. The signature‐based malware detection methods, which have difficulty detecting zero‐day ransomware, are not suitable to protect users' files against the attacks caused by risky unknown ransomware. Therefore, a new protection mechanism specialized for ransomware is needed, and the mechanism should focus on ransomware‐specific operations to distinguish ransomware from other types of malware as well as benign files. This paper proposes a ransomware detection method that can distinguish between ransomware and benign files as well as between ransomware and malware. The experimental results show that our proposed method can detect ransomware among malware and benign files.