{"title":"Deception-based Method for Ransomware Detection","authors":"TaeGuen Kim","doi":"10.58346/jisis.2023.i3.012","DOIUrl":null,"url":null,"abstract":"Ransomware is a rapidly growing malware threat that encrypts a user's files and demands a ransom for the decryption key. It has caused significant financial harm worldwide and is difficult to detect, especially when it's a new, unknown zero-day ransomware. Most commercial antivirus software relies on signature-based detection, which can be slow and inadequate for swiftly identifying suspicious programs. To tackle these challenges, this paper presents a ransomware protection method utilizing decoy files. Our deception-based protection method enhances ransomware detection with a fair decoy deployment strategy. Our method offers the advantage of robustly detecting ransomware compared to existing deception-based methods. Furthermore, it can effectively address ransomware that employs random access attacks, thereby bypassing deception-based detection techniques. In the evaluation, we provide a comprehensive analysis of our experimental results to vividly demonstrate the efficacy of our proposed method. Specifically, we introduce a random-access attack scenario that could potentially circumvent deception-based protection mechanisms. 
Furthermore, we assess the resilience of our method against such random-access attacks.","PeriodicalId":36718,"journal":{"name":"Journal of Internet Services and Information Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Internet Services and Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.58346/jisis.2023.i3.012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Computer Science","Score":null,"Total":0}
Citations: 0