Ebrahim Mahdipour, Ali Aghamohammadpour, I. Attarzadeh
{"title":"Ransomware Modeling Based on a Process Mining Approach","authors":"Ebrahim Mahdipour, Ali Aghamohammadpour, I. Attarzadeh","doi":"10.52547/itrc.14.3.27","DOIUrl":null,"url":null,"abstract":"— Ransomware attacks are taking advantage of the ongoing coronavirus pandemics and attacking the vulnerable systems in the health sector. Modeling ransomware attacks help to identify and simulate attacks against security environments, using likely adversary techniques. Process Mining (PM) is a field of study that focuses on analyzing process logs linked with the execution of the processes of a system to acquire insight into the variety of characteristics of how the functions behave. This paper presents a PM conformance-based approach to determining ransomware processes. First, frequent ransomware techniques were identified using state-of-the-art MITRE ATT&CK. Then, a model was developed to gather ransomware techniques using a process-based approach. The PM-based Prom tool is used to check the conformance of malware processes alongside the presented model to illustrate its efficiency. The model can identify chain processes associated with ransom-related behaviors. In this study, the presented model was evaluated using thirty common malwares in the healthcare industry. The approach demonstrates that this model could successfully classify ninety percent of malware instances as ransomware and non-ransomware. Finally, guidelines for future research are provided. We believe the proposed method will uncover behavioral models that will enable us to hunt ransomware threats.","PeriodicalId":270455,"journal":{"name":"International Journal of Information and Communication Technology Research","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information and Communication Technology Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.52547/itrc.14.3.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
— Ransomware attacks are taking advantage of the ongoing coronavirus pandemics and attacking the vulnerable systems in the health sector. Modeling ransomware attacks help to identify and simulate attacks against security environments, using likely adversary techniques. Process Mining (PM) is a field of study that focuses on analyzing process logs linked with the execution of the processes of a system to acquire insight into the variety of characteristics of how the functions behave. This paper presents a PM conformance-based approach to determining ransomware processes. First, frequent ransomware techniques were identified using state-of-the-art MITRE ATT&CK. Then, a model was developed to gather ransomware techniques using a process-based approach. The PM-based Prom tool is used to check the conformance of malware processes alongside the presented model to illustrate its efficiency. The model can identify chain processes associated with ransom-related behaviors. In this study, the presented model was evaluated using thirty common malwares in the healthcare industry. The approach demonstrates that this model could successfully classify ninety percent of malware instances as ransomware and non-ransomware. Finally, guidelines for future research are provided. We believe the proposed method will uncover behavioral models that will enable us to hunt ransomware threats.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
