RATAFIA: Ransomware Analysis using Time And Frequency Informed Autoencoders

Authors: Manaar Alam, Sarani Bhattacharya, Swastika Dutta, S. Sinha, Debdeep Mukhopadhyay, A. Chattopadhyay
Published in: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019-05-05
DOI: 10.1109/HST.2019.8740837 (https://doi.org/10.1109/HST.2019.8740837)
Citation count: 23
Abstract
Ransomware can produce direct and controllable economic loss, making it one of the most prominent threats in cybersecurity. According to the latest statistics, more than half of the malware reported in Q1 of 2017 was ransomware, and there is a potential threat of novice cybercriminals gaining access to ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was first introduced in 1996. Since then, ransomware variants have emerged with different cryptosystems and larger key sizes; however, the underlying techniques have remained the same. Several works in the literature propose a generic framework to detect ransomware, though most of them target ransomware that uses specific classes of encryption algorithm. In addition, most of these methods either require Operating System (OS) kernel modification or have high detection latency. In this work, we present a generalized two-step unsupervised detection framework, RATAFIA, which uses a Deep Neural Network architecture and the Fast Fourier Transform to develop a highly accurate, fast and reliable solution to ransomware detection using minimal tracepoints. The proposed method does not require any OS kernel modification, making it adaptable to most modern-day systems. We also introduce a special detection module for successful identification of benign disk encryption processes that have characteristics similar to malicious ransomware programs but a different intention. We provide a comprehensive study to evaluate the performance of RATAFIA in the presence of standard benchmark programs, disk encryption and regular high-computation processes in the light of software security.