Using ILP to Analyse Ransomware Attacks
Authors
Abstract
This paper describes a preliminary study aimed at using the ILP system ALEPH to interactively assist human experts in learning rules to better understand the behaviour of cyberattacks. We develop an ILP formalism for representing network log data obtained from a sandbox computer that was deliberately infected with the CryptoWall-4 malware (a state-of-the-art ransomware attack known to be causing significant global disruption at the time of writing) and we show how ALEPH can be used to interactively learn simple rules comparable to those hand-crafted by a human expert. In so doing, we also identify some limitations of the mechanisms ALEPH currently provides to support incremental learning and we motivate some promising directions of future work.
Similar resources
Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
In this paper, we present the results of a long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014. We also provide a holistic view on how ransomware attacks have evolved during this period by analyzing 1,359 samples that belong to 15 different ransomware families. Our results show that, despite a continuous improvement in the encryption, deletion, and co...
Techniques and Solutions for Addressing Ransomware Attacks
Ransomware is a form of extortion-based attack that locks the victim’s digital resources and requests money to release them. Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-profile ransomware attacks were reported...
RAPTOR: Ransomware Attack PredicTOR
Ransomware, a type of malicious software that encrypts a victim’s files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes in the past few years. In this paper, we present RAPTOR, a promising line of defense against ransomware attacks. RAPTOR fingerprints attackers’ operations to forecast ransomware activity. More specifi...
Identifying the software and their families using the exploration techniques of sequential patterns in dynamic analysis
Nowadays, crypto-ransomware is considered one of the greatest threats in cybersecurity. Crypto-ransomware removes data access by encrypting valuable data and requests a ransom payment to allow data decryption. As ransomware is still new in the field of cybersecurity, there are few pieces of research focusing on detecting ransomware samples. Most published works considered System File and process...
Risks, Limitations and the Need for Additional Measures Against Ransomware in the Health Information Technology Infrastructure
Introduction: Even before the COVID-19 pandemic, one of the lucrative targets for attackers behind ransomware attacks was encroaching on the continuity of services in the field of health information technology. In this study, for the first time, while introducing, relying on statistics and modeling, it is shown that the prevention and counteraction of these attacks in the IT infrastructure of t...
Journal title:
Volume, issue
Pages -
Publication date 2016