Cryptographic ransomware encryption detection: Survey
The ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering h...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , |
| التنسيق: | article |
| منشور في: |
2023
|
| الموضوعات: | |
| الوصول للمادة أونلاين: | http://dx.doi.org/10.1016/j.cose.2023.103349 https://www.sciencedirect.com/science/article/pii/S0167404823002596 http://hdl.handle.net/10576/49617 |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1857415085092241408 |
|---|---|
| author | Kenan, Begovic |
| author2 | Al-Ali, Abdulaziz Malluhi, Qutaibah |
| author2_role | author author |
| author_facet | Kenan, Begovic Al-Ali, Abdulaziz Malluhi, Qutaibah |
| author_role | author |
| dc.creator.none.fl_str_mv | Kenan, Begovic Al-Ali, Abdulaziz Malluhi, Qutaibah |
| dc.date.none.fl_str_mv | 2023-11-23T07:09:12Z 2023-09-30 |
| dc.format.none.fl_str_mv | application/pdf |
| dc.identifier.none.fl_str_mv | http://dx.doi.org/10.1016/j.cose.2023.103349 Begovic, K., Al-Ali, A., & Malluhi, Q. (2023). Cryptographic ransomware encryption detection: Survey. Computers & Security, 103349. 01674048 https://www.sciencedirect.com/science/article/pii/S0167404823002596 http://hdl.handle.net/10576/49617 132 |
| dc.language.none.fl_str_mv | en |
| dc.publisher.none.fl_str_mv | Elsevier |
| dc.rights.none.fl_str_mv | http://creativecommons.org/licenses/by/4.0/ info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Ransomware Cybersecurity Crypto-ransomware Encryption Kill-chain Survey |
| dc.title.none.fl_str_mv | Cryptographic ransomware encryption detection: Survey |
| dc.type.none.fl_str_mv | Article info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/article |
| description | The ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications. |
| eu_rights_str_mv | openAccess |
| format | article |
| id | qu_d040c660d252798ac72984ca3fb7ccee |
| identifier_str_mv | Begovic, K., Al-Ali, A., & Malluhi, Q. (2023). Cryptographic ransomware encryption detection: Survey. Computers & Security, 103349. 01674048 132 |
| language_invalid_str_mv | en |
| network_acronym_str | qu |
| network_name_str | Qatar University repository |
| oai_identifier_str | oai:qspace.qu.edu.qa:10576/49617 |
| publishDate | 2023 |
| publisher.none.fl_str_mv | Elsevier |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | http://creativecommons.org/licenses/by/4.0/ |
| spelling | Cryptographic ransomware encryption detection: SurveyKenan, BegovicAl-Ali, AbdulazizMalluhi, QutaibahRansomwareCybersecurityCrypto-ransomwareEncryptionKill-chainSurveyThe ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications.Elsevier2023-11-23T07:09:12Z2023-09-30Articleinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://dx.doi.org/10.1016/j.cose.2023.103349Begovic, K., Al-Ali, A., & Malluhi, Q. (2023). Cryptographic ransomware encryption detection: Survey. Computers & Security, 103349.01674048https://www.sciencedirect.com/science/article/pii/S0167404823002596http://hdl.handle.net/10576/49617132enhttp://creativecommons.org/licenses/by/4.0/info:eu-repo/semantics/openAccessoai:qspace.qu.edu.qa:10576/496172024-07-23T15:52:03Z |
| spellingShingle | Cryptographic ransomware encryption detection: Survey Kenan, Begovic Ransomware Cybersecurity Crypto-ransomware Encryption Kill-chain Survey |
| status_str | publishedVersion |
| title | Cryptographic ransomware encryption detection: Survey |
| title_full | Cryptographic ransomware encryption detection: Survey |
| title_fullStr | Cryptographic ransomware encryption detection: Survey |
| title_full_unstemmed | Cryptographic ransomware encryption detection: Survey |
| title_short | Cryptographic ransomware encryption detection: Survey |
| title_sort | Cryptographic ransomware encryption detection: Survey |
| topic | Ransomware Cybersecurity Crypto-ransomware Encryption Kill-chain Survey |
| url | http://dx.doi.org/10.1016/j.cose.2023.103349 https://www.sciencedirect.com/science/article/pii/S0167404823002596 http://hdl.handle.net/10576/49617 |