Crypto-Ransomware Detection Using Selective Hashing

Anas AlMajali, Ahmad Qaffaf, Natali Alkayid, Y. Wadhawan
Published in: 2022 International Conference on Electrical and Computing Technologies and Applications (ICECTA)
Publication date: 2022-11-23
DOI: 10.1109/ICECTA57148.2022.9990424 (https://doi.org/10.1109/ICECTA57148.2022.9990424)
Citations: 2

Abstract

Ransomware is malicious software that attempts to encrypt the user's files and demands a ransom in exchange for decrypting them. This malware may have catastrophic impacts on the availability of data and consequently on the services provided by the infected organizations and institutes. Ransomware detection has been a challenge for researchers in the past few years. In this paper, we propose a behavioral ransomware detection method that utilizes fast selective hashing techniques. By selective we mean that only a few selected blocks from a file are used for similarity comparison. Our experimental results demonstrate the efficacy of the proposed method in ransomware detection in terms of detection time. For 1000 files of a total size of 20GB and a detection threshold set to five files, our proposed system is able to detect ransomware on average within 2.76 seconds, saving 99.5% of the total files, without consuming much of the system's resources or affecting the user experience.
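The idea in the abstract, sketched as an added example (not the authors' code): hash a few selected blocks per file, compare them with a trusted baseline, and raise an alert once five files look rewritten. The block size, number of blocks, offset selection rule, BLAKE2b hash, similarity cutoff and all function names are assumptions; only the five-file threshold comes from the abstract.

```python
import hashlib

BLOCK_SIZE = 4096        # assumed block size (not given on the page)
SAMPLE_COUNT = 4         # assumed number of selected blocks per file
SIMILARITY_CUTOFF = 0.5  # assumed: below this, a file counts as rewritten
FILE_THRESHOLD = 5       # detection threshold of five files, from the abstract

def select_offsets(size):
    """Pick a few evenly spaced block offsets (assumed selection rule)."""
    if size <= BLOCK_SIZE * SAMPLE_COUNT:
        return list(range(0, max(size, 1), BLOCK_SIZE))
    step = (size - BLOCK_SIZE) // (SAMPLE_COUNT - 1)
    return [i * step for i in range(SAMPLE_COUNT)]

def hash_blocks(data, offsets):
    """Hash only the selected blocks, never the whole file."""
    return [hashlib.blake2b(data[o:o + BLOCK_SIZE], digest_size=16).digest()
            for o in offsets]

def similarity(old, new):
    """Fraction of selected blocks whose hash is unchanged."""
    return sum(a == b for a, b in zip(old, new)) / len(old)

class Detector:
    def __init__(self):
        self.baseline = {}       # path -> (offsets, hashes) of trusted version
        self.suspicious = set()  # paths whose selected blocks mostly changed

    def snapshot(self, path, data):
        offsets = select_offsets(len(data))
        self.baseline[path] = (offsets, hash_blocks(data, offsets))

    def on_write(self, path, data):
        """Re-hash the same offsets; True once FILE_THRESHOLD files changed."""
        if path in self.baseline:
            offsets, old = self.baseline[path]
            if similarity(old, hash_blocks(data, offsets)) < SIMILARITY_CUTOFF:
                self.suspicious.add(path)
        return len(self.suspicious) >= FILE_THRESHOLD

if __name__ == "__main__":
    # Constructed sample data: six text files, then a byte-wise XOR as a
    # stand-in for encrypted content.
    files = {"doc%d.txt" % i: (b"report %d " % i) * 5000 for i in range(6)}
    det = Detector()
    for path, data in files.items():
        det.snapshot(path, data)
    print(det.on_write("doc0.txt", files["doc0.txt"] + b"appended"))
    for path, data in files.items():
        print(path, det.on_write(path, bytes(b ^ 0xA5 for b in data)))
```

Because the new version is hashed at the baseline's offsets, an ordinary append leaves every selected block unchanged, while a whole-file rewrite changes all of them.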