{"title":"在勒索软件攻击期间观察、测量和收集物理机器上的硬盘性能指标","authors":"Dimo Dimov, Yuliyan Tsonev","doi":"10.11610/isij.4723","DOIUrl":null,"url":null,"abstract":"Ransomware is a type of malicious activity aiming to prevent users from accessing their data by encrypting it. For the purposes of analysis of the behaviour of the crypto viruses, objectively collected data is required. Getting metrics from a virtual machine would be resembling the original behaviour of the ransomware on a physical device. Observing, measuring, collecting and extracting data on a physical device during and after encryption is challenging, since all the data would be corrupted once the encryption process is complete. By utilizing two user profiles, members of the local admin group and custom access control lists on certain recourse, a lab laptop is infected with five different samples of ransomware crypto viruses that do not require connection to the command and control server in order to function as intended. A data set of HDD metrics is successfully collected and extracted. A R T I C L E I N F O : RECEIVED: 28 APR 2020 REVISED: 16 MAY 2020 ONLINE: 18 MAY 2020 K E Y W O R D S : measurement, extraction, ransomware, encryption, malware, malicious, cybersecurity Creative Commons BY-NC 4.0","PeriodicalId":159156,"journal":{"name":"Information & Security: An International Journal","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Observing, Measuring and Collecting HDD Performance Metrics on a Physical Machine During Ransomware Attack\",\"authors\":\"Dimo Dimov, Yuliyan Tsonev\",\"doi\":\"10.11610/isij.4723\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ransomware is a type of malicious activity aiming to prevent users from accessing their data by encrypting it. For the purposes of analysis of the behaviour of the crypto viruses, objectively collected data is required. Getting metrics from a virtual machine would be resembling the original behaviour of the ransomware on a physical device. Observing, measuring, collecting and extracting data on a physical device during and after encryption is challenging, since all the data would be corrupted once the encryption process is complete. By utilizing two user profiles, members of the local admin group and custom access control lists on certain recourse, a lab laptop is infected with five different samples of ransomware crypto viruses that do not require connection to the command and control server in order to function as intended. A data set of HDD metrics is successfully collected and extracted. A R T I C L E I N F O : RECEIVED: 28 APR 2020 REVISED: 16 MAY 2020 ONLINE: 18 MAY 2020 K E Y W O R D S : measurement, extraction, ransomware, encryption, malware, malicious, cybersecurity Creative Commons BY-NC 4.0\",\"PeriodicalId\":159156,\"journal\":{\"name\":\"Information & Security: An International Journal\",\"volume\":\"93 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information & Security: An International Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.11610/isij.4723\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information & Security: An International Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.11610/isij.4723","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
摘要
勒索软件是一种恶意活动,旨在通过加密来阻止用户访问他们的数据。为了分析加密病毒的行为,需要客观地收集数据。从虚拟机获取指标将类似于勒索软件在物理设备上的原始行为。在加密期间和之后,在物理设备上观察、测量、收集和提取数据是具有挑战性的,因为一旦加密过程完成,所有数据都会损坏。通过使用两个用户配置文件、本地管理组成员和特定资源上的自定义访问控制列表,一台实验室笔记本电脑感染了五种不同的勒索软件加密病毒样本,这些病毒不需要连接到命令和控制服务器就可以按预期运行。成功地收集并提取了HDD指标的数据集。A R T I C L EI N F O:收稿日期:2020年4月28日修订日期:2020年5月16日在线日期:2020年5月18日K E Y O O R D S:测量、提取、勒索软件、加密、恶意软件、恶意软件、网络安全Creative Commons BY-NC 4.0
Observing, Measuring and Collecting HDD Performance Metrics on a Physical Machine During Ransomware Attack
Ransomware is a type of malicious activity aiming to prevent users from accessing their data by encrypting it. For the purposes of analysis of the behaviour of the crypto viruses, objectively collected data is required. Getting metrics from a virtual machine would be resembling the original behaviour of the ransomware on a physical device. Observing, measuring, collecting and extracting data on a physical device during and after encryption is challenging, since all the data would be corrupted once the encryption process is complete. By utilizing two user profiles, members of the local admin group and custom access control lists on certain recourse, a lab laptop is infected with five different samples of ransomware crypto viruses that do not require connection to the command and control server in order to function as intended. A data set of HDD metrics is successfully collected and extracted. A R T I C L E I N F O : RECEIVED: 28 APR 2020 REVISED: 16 MAY 2020 ONLINE: 18 MAY 2020 K E Y W O R D S : measurement, extraction, ransomware, encryption, malware, malicious, cybersecurity Creative Commons BY-NC 4.0
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
