Cryptographic Ransomware Encryption Detection: Survey
<p dir="ltr">The ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ra...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , |
| منشور في: |
2023
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513558878879744 |
|---|---|
| author | Kenan Begovic (16393286) |
| author2 | Abdulaziz Al-Ali (16393288) Qutaibah Malluhi (3158757) |
| author2_role | author author |
| author_facet | Kenan Begovic (16393286) Abdulaziz Al-Ali (16393288) Qutaibah Malluhi (3158757) |
| author_role | author |
| dc.creator.none.fl_str_mv | Kenan Begovic (16393286) Abdulaziz Al-Ali (16393288) Qutaibah Malluhi (3158757) |
| dc.date.none.fl_str_mv | 2023-09-01T00:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1016/j.cose.2023.103349 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Cryptographic_Ransomware_Encryption_Detection_Survey/23540835 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Cybersecurity and privacy Ransomware Cybersecurity Crypto-ransomware Encryption Kill-Chain Survey |
| dc.title.none.fl_str_mv | Cryptographic Ransomware Encryption Detection: Survey |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | <p dir="ltr">The ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications.</p><h2>Other Information</h2><p dir="ltr">Published in: Computers & Security<br>License: <a href="http://creativecommons.org/licenses/by/4.0/" target="_blank">http://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="http://dx.doi.org/10.1016/j.cose.2023.103349" target="_blank">http://dx.doi.org/10.1016/j.cose.2023.103349</a></p> |
| eu_rights_str_mv | openAccess |
| id | Manara2_b50e7ba1a122d4e68376d015a88559d0 |
| identifier_str_mv | 10.1016/j.cose.2023.103349 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/23540835 |
| publishDate | 2023 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | Cryptographic Ransomware Encryption Detection: SurveyKenan Begovic (16393286)Abdulaziz Al-Ali (16393288)Qutaibah Malluhi (3158757)Information and computing sciencesCybersecurity and privacyRansomwareCybersecurityCrypto-ransomwareEncryptionKill-ChainSurvey<p dir="ltr">The ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications.</p><h2>Other Information</h2><p dir="ltr">Published in: Computers & Security<br>License: <a href="http://creativecommons.org/licenses/by/4.0/" target="_blank">http://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="http://dx.doi.org/10.1016/j.cose.2023.103349" target="_blank">http://dx.doi.org/10.1016/j.cose.2023.103349</a></p>2023-09-01T00:00:00ZTextJournal contributioninfo:eu-repo/semantics/publishedVersiontextcontribution to journal10.1016/j.cose.2023.103349https://figshare.com/articles/journal_contribution/Cryptographic_Ransomware_Encryption_Detection_Survey/23540835CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/235408352023-09-01T00:00:00Z |
| spellingShingle | Cryptographic Ransomware Encryption Detection: Survey Kenan Begovic (16393286) Information and computing sciences Cybersecurity and privacy Ransomware Cybersecurity Crypto-ransomware Encryption Kill-Chain Survey |
| status_str | publishedVersion |
| title | Cryptographic Ransomware Encryption Detection: Survey |
| title_full | Cryptographic Ransomware Encryption Detection: Survey |
| title_fullStr | Cryptographic Ransomware Encryption Detection: Survey |
| title_full_unstemmed | Cryptographic Ransomware Encryption Detection: Survey |
| title_short | Cryptographic Ransomware Encryption Detection: Survey |
| title_sort | Cryptographic Ransomware Encryption Detection: Survey |
| topic | Information and computing sciences Cybersecurity and privacy Ransomware Cybersecurity Crypto-ransomware Encryption Kill-Chain Survey |