检索结果-南通市图书馆

Byte Frequency Based Indicators for Crypto-ransomware Detection from Empirical Analysis

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Journal of Computer Science & Technology 2022年第2期37卷 423-442页

作者： Geun Yong Kim Joon-Young Paik Yeongcheol Kim Eun-Sun Cho Department of Computer Science and Engineering Chungnam National UniversityDaejeon 34134South Korea School of Computer Science and Technology Tiangong UniversityTianjin 300387China

File entropy is one of the major indicators of crypto-ransomware because the encryption by ransomware increases the randomness of file ***,entropy-based ransomware detection has certain limitations;for example,when distinguishing ransomware-encrypted files from normal files with inherently high-level entropy,misclassification is very *** addition,the entropy evaluation cost for an entire file renders entropy-based detection impractical for large *** this paper,we propose two indicators based on byte frequency for use in ransomware detection;these are termed EntropySA and DistSA,and both consider the interesting characteristics of certain file subareas termed“sample areas”(SAs).For an encrypted file,both the sampled area and the whole file exhibit high-level randomness,but for a plain file,the sampled area embeds informative structures such as a file header and thus exhibits relatively low-level randomness even though the entire file exhibits high-level *** and DistSA use“byte frequency”and a variation of byte frequency,respectively,derived from sampled *** indicators cause less overhead than other entropy-based detection methods,as experimentally proven using realistic ransomware *** evaluate the effectiveness and feasibility of our indicators,we also employ three expensive but elaborate classification models(neural network,support vector machine and threshold-based approaches).Using these models,our experimental indicators yielded an average Fl-measure of 0.994 and an average detection rate of 99.46%for file encryption attacks by realistic ransomware samples.

关键词： computer security cryptography machine learning ransomware

An Asset-Based Approach to Mitigate Zero-Day ransomware Attacks

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2022年第11期73卷 3003-3020页

作者： Farag Azzedin Husam Suwad Md Mahfuzur Rahman Information&Computer Science Department KFUPMDhahranKSA

This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’*** security solutions rely on information coming from *** are current monitoring and detection security solutions such as intrusion prevention/detection systems and *** article envisions creating an imbalance between attackers and defenders in favor of *** such,we are proposing to flip the security game such that it will be led by defenders and not *** are proposing a security system that does not observe the behavior of the *** the contrary,we draw,plan,and follow up our own protection strategy regardless of the attack *** objective of our security system is to protect assets rather than protect against *** machine introspection is used to intercept,inspect,and analyze system *** system callbased approach is utilized to detect zero-day ransomware *** core idea is to take advantage of Xen and DRAKVUF for system call interception,and leverage system calls to detect illegal operations towards identified critical *** utilize our vision by proposing an asset-based approach to mitigate zero-day ransomware *** obtained results are promising and indicate that our prototype will achieve its goals.

关键词： Zero-day attacks ransomware system calls virtual machine introspection

An Immunization Scheme for ransomware

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2020年第8期64卷 1051-1061页

作者： Jingping Song Qingyu Meng Chenke Luo Nitin Naik Jian Xu Software College Northeastern UniversityShenyang110169China School of Cyber Science and Engineering Wuhan UniversityWuhan430072China School of Computing University of PortsmouthPortsmouthPO12DTUK

In recent years,as the popularity of anonymous currencies such as Bitcoin has made the tracking of ransomware attackers more difficult,the amount of ransomware attacks against personal computers and enterprise production servers is increasing *** ransomware has a wide range of influence and spreads all over the *** is affecting many industries including internet,education,medical care,traditional industry,*** paper uses the idea of virus immunity to design an immunization solution for ransomware viruses to solve the problems of traditional ransomware defense methods(such as anti-virus software,firewalls,etc.),which cannot meet the requirements of rapid detection and immediate prevention of new outbreaks *** scheme includes two parts:server and *** server provides an immune configuration file and configuration file management functions,including a configuration file module,a cryptography algorithm module,and a display *** client obtains the immunization configuration file from server in real time,and performs the corresponding operations according to the configuration file to make the computer have an immune function for a specific ransomware,including an update module,a configuration file module,a cryptography algorithm module,a control module,and a log *** scheme controls mutexes,services,files and registries respectively,to destroy the triggering conditions of the virus and finally achieve the purpose of immunizing a computer from a specific ransomware.

关键词： Malware ransomware malware immunization

A User-friendly Model for ransomware Analysis Using Sandboxing

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2021年第6期67卷 3833-3846页

作者： Akhtar Kamal Morched Derbali Sadeeq Jan Javed Iqbal Bangash Fazal Qudus Khan Houssem Jerbi Rabeh Abbassi Gulzar Ahmad Department of Computer Science&Information Technology National Center for Cyber SecurityUniversity of Engineering&TechnologyPeshawar25120Pakistan Department of Information Technology Faculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddah21589Saudi Arabia Institute of Computer Sciences and Information Technology(ICS/IT) University of AgriculturePeshawar25130Pakistan Department of Industrial/Electrical Engineering College of EngineeringUniversity of Ha’ilHail1234Saudi Arabia Department of Electrical Engineering University of Engineering&TechnologyPeshawar25120Pakistan

ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the *** have been several reported high-profile ransomware attacks including WannaCry,Petya,and Bad Rabbit resulting in losses of over a billion dollars to various individuals and businesses in the *** analysis of ransomware is often carried out via sandbox environments;however,the initial setup and configuration of such environments is a challenging ***,it is difficult for an ordinary computer user to correctly interpret the complex results presented in the reports generated by such environments and analysis *** this research work,we aim to develop a user-friendly model to understand the taxonomy and analysis of ransomware ***,we aim to present the results of analysis in the form of summarized reports that can easily be understood by an ordinary computer *** model is built on top of the well-known Cuckoo sandbox environment for identification of the ransomware as well as generation of the summarized *** addition,for evaluating the usability and accessibility of our proposed model,we conduct a comprehensive user survey consisting of participants from various fields,e.g.,professional developers from software houses,people from academia(professors,students).Our evaluation results demonstrate a positive feedback of approximately 92%on the usability of our proposed model.

关键词： ransomware sandbox user-friendly model survey

ransomware恶意软件的检测与阻止技术研究

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Ransomware恶意软件的检测与阻止技术研究

作者：苏继鹏西安电子科技大学

学位级别：硕士

近几年来,ransomware开始在全球肆虐,给用户带来巨大的安全威胁。ransomware主要通过加密用户文件或者将用户机器锁屏的方式使受害者无法使用自己的机器,并以此为条件,向用户勒索钱财。ransomware已经给许多企业、政府、组织和个人带来... 详细信息

近几年来,ransomware开始在全球肆虐,给用户带来巨大的安全威胁。ransomware主要通过加密用户文件或者将用户机器锁屏的方式使受害者无法使用自己的机器,并以此为条件,向用户勒索钱财。ransomware已经给许多企业、政府、组织和个人带来了极大的危害,造成了巨大的经济损失,成为了互联网安全最严重的威胁之一。当前,业界的相关研究人员提出了多个检测和阻止ransomware的技术方案。然而,当前技术方案存在着一些共有的局限性,这主要包括:第一,检测系统和ransomware处于同一个操作系统中,容易遭到具有系统级权限的ransomware的攻击,被其绕过;第二,当前检测系统仅仅利用ransomware的文件行为特征进行检测,而由于ransomware的文件操作行为和某些良性应用相似,容易造成误报。针对当前检测系统的局限性,本文提出了一种基于虚拟机自省（Virtual Machine Introspection,VMI）技术的大规模ransomware防御系统。该系统利用VMI技术捕获虚拟机中与文件和网络操作相关的系统调用,解析系统调用参数,获取当前进程上下文信息,从而实现对虚拟机文件系统和网络的监控。然后在监控信息的基础上,依据ransomware文件和网络活动的行为模式和合理的检测策略实现对ransomware的检测和阻止。该系统能够很好的克服当前系统的局限性:首先,由于它采用了VMI技术,防御系统处于虚拟机外部的虚拟机监视器中,虚拟机中的ransomware无法对原型系统进行攻击。其次,通过研究发现,大多数的ransomware同时具有文件活动和网络活动,该系统通过同时对进程的文件活动和网络活动进行监控,并且在制定检测策略时同时考虑ransomware的文件活动和网络活动特征,能够大大提升系统检测ransomware的精确度。论文通过对一些已知类型的ransomware样本进行测试,分析并总结出了ransomware的3种文件操作模式和2种网络操作模式;然后基于KVM hypervisor设计并实现了原型系统。为了测试原型系统的有效性和性能,本文收集了2767个类型未被标记的恶意软件样本集,对原型系统进行了大规模的功能测试。测试结果表明,原型系统从2767个未知样本中成功检测出了534个ransomware样本并对它们进行了阻止,且误报率为0。性能测试结果表明,本文原型系统所带来的性能损耗较低（平均＜6%）。

关键词： ransomware 虚拟机自省系统调用 Hypervisor

ERAD: Enhanced ransomware Attack Defense System for Healthcare Organizations

同方学位论文库评论

在线全文

同方学位论文库

学校读者我要写书评

暂无评论

Journal of Software Engineering and Applications 2024年第5期17卷 270-296页

作者： Xinyue Li Vijay K. Madisetti School of Cybersecurity and Privacy Georgia Institute of Technology Atlanta Georgia USA

Digital integration within healthcare systems exacerbates their vulnerability to sophisticated ransomware threats, leading to severe operational disruptions and data breaches. Current defenses are typically categorized into active and passive measures that struggle to achieve comprehensive threat mitigation and often lack real-time response effectiveness. This paper presents an innovative ransomware defense system, ERAD, designed for healthcare environments that apply the MITRE ATT&CK Matrix to coordinate dynamic, stage-specific countermeasures throughout the ransomware attack lifecycle. By systematically identifying and addressing threats based on indicators of compromise (IOCs), the proposed system proactively disrupts the attack chain before serious damage occurs. Validation is provided through a detailed analysis of a system deployment against LockBit 3.0 ransomware, illustrating significant enhancements in mitigating the impact of the attack, reducing the cost of recovery, and strengthening the cybersecurity framework of healthcare organizations, but also applicable to other non-health sectors of the business world.

关键词： ransomware Healthcare Cybersecurity MITRE ATT&CK Matrix Incident Response ransomware Attack Lifecycle Digital Health Safety

A Graph Theory Based Self-Learning Honeypot to Detect Persistent Threats

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Intelligent Automation & Soft Computing 2023年第3期35卷 3331-3348页

作者： R.T.Pavendan K.Sankar K.A.Varun Kumar Department of Mathematics College of EngineeringAnna UniversityChennai600025India Department of Networking and Communications School of ComputingSRM Institute of Science and TechnologyKattankulathur602203India

Attacks on the cyber space is getting exponential in recent *** penetrations and breaches are real threats to the individuals and *** security systems are good enough to detect the known threats but when it comes to Advanced Persistent Threats(APTs)they *** APTs are targeted,more sophisticated and very persistent and incorporates lot of evasive techniques to bypass the existing ***,there is a need for an effective defense system that can achieve a complete reliance of *** address the above-mentioned issues,this paper proposes a novel honeypot system that tracks the anonymous behavior of the APT *** key idea of honeypot leverages the concepts of graph theory to detect such targeted *** proposed honey-pot is self-realizing,strategic assisted which withholds the APTs actionable tech-niques and observes the behavior for analysis and *** proposed graph theory based self learning honeypot using the resultsγ(C(n,1)),γc(C(n,1)),γsc(C(n,1))outperforms traditional techniques by detecting APTs behavioral with detection rate of 96%.

关键词： Graph theory Domination Connected Domination Secure Connected Domination honeypot self learning ransomware

Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computer Systems Science & Engineering 2023年第9期46卷 3103-3119页

作者： Khaled M.Alalayah Fatma S.Alrayes Mohamed K.Nour Khadija M.Alaidarous Ibrahim M.Alwayle Heba Mohsen Ibrahim Abdulrab Ahmed Mesfer Al Duhayyim Department of Computer Science College of Science and ArtsNajran UniversitySharurahSaudi Arabia Department of Information Systems College of Computer and Information SciencesPrincess Nourah bint Abdulrahman UniversityP.O.Box 84428Riyadh11671Saudi Arabia Department of Computer Sciences College of Computing and Information SystemUmm Al-Qura UniversitySaudi Arabia Department of Computer Science Faculty of Computers and Information TechnologyFuture University in EgyptNew Cairo11835Egypt Computer Department Applied CollegeNajran UniversityNajran66462Saudi Arabia Department of Computer Science College of Computer Engineering and SciencesPrince Sattam bin Abdulaziz UniversityAl-Kharj16273Saudi Arabia

Malware is a‘malicious software program that performs multiple cyberattacks on the Internet,involving fraud,scams,nation-state cyberwar,and *** malicious software programs come under different classifications,namely Trojans,viruses,spyware,worms,ransomware,Rootkit,botnet malware,*** is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users and only decrypting it;then,the user pays a ransom procedure of a sum of *** prevent detection,various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine Learning(ML)*** study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection(LBAAA-OMLMD)approach in Computer *** presented LBAAA-OMLMDmodelmainly aims to detect and classify the existence of ransomware and goodware in the *** accomplish this,the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection(LBAAA-FS)model to reduce the curse of dimensionality ***,the Flower Pollination Algorithm(FPA)with Echo State Network(ESN)Classification model is *** FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier *** experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset,and the outcomes are inspected in distinct *** comprehensive comparative examination demonstrated the betterment of the LBAAAOMLMD model over recent algorithms.

关键词： Computer networks machine learning security malware detection feature selection ransomware

Information Assurance Technique for Mitigation of Data Breaches in the Human Service Sector

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

International Journal of Communications, Network and System Sciences 2022年第2期15卷 15-30页

作者： Chevroen Washington Phillip Yarbrough Shavon Parker Rafia Islam Vishnu Vardhan Patamsetti Olatunde Abiona Department of Computer Information Systems Indiana University Northwest Gary USA

This research paper analyzes data breaches in the human service sector. The hypothesis for the solution to this problem is that there will be a significant reduction in data breaches in the human service sector due to an increase in information assurance. The hypothesis is tested using data from the United States Department of Health and Human Services data breach notification repository during January 2018-December 2020. Our result shows that without the increased mitigation of information assurance, data breaches in the human service sector will continue to increase.

关键词： Information Assurance ransomware Data Breach Hacker HIPPA Phishing Department of Health and Human Services