Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics
Authors
Abstract
Ransomware is currently a key threat to individual as well as corporate Internet users. Especially dangerous is crypto ransomware, which encrypts important user data so that it can only be recovered once a ransom has been paid. Devising efficient and effective countermeasures is therefore a rising necessity. In this paper we present a novel Software-Defined Networking (SDN) based detection approach that exploits characteristics of ransomware communication. Based on observation of the network communication of two crypto ransomware families, namely CryptoWall and Locky, we conclude that analysis of the sequence of HTTP messages and their respective content sizes is enough to detect such threats. We show the feasibility of our approach by designing and evaluating a proof-of-concept SDN-based detection system. Experimental results confirm that the proposed approach is feasible and efficient.
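To make the abstract's idea concrete, here is an added illustration (not code from the paper, and not the authors' system): a detector that groups plaintext HTTP messages per host/peer conversation and looks for an ordered pattern of request/response content sizes, then emits an OpenFlow-style drop rule for the offending flow. The signature values, the log format and the sample log are all constructed for this example; the paper's actual size ranges for CryptoWall and Locky are not given in the abstract and are not reproduced here.

```python
"""Toy sequence-and-size matcher over HTTP message metadata (constructed example).

Each log line (a made-up format) records one HTTP message seen by the
controller: "<host> > <peer> req <METHOD> <body-bytes>" for a request and
"<host> < <peer> resp - <body-bytes>" for the matching response.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class HttpMsg:
    host: str       # monitored (internal) host
    peer: str       # external web server
    direction: str  # "req" (host -> peer) or "resp" (peer -> host)
    method: str     # HTTP method of a request, "-" for a response
    size: int       # body size in bytes (Content-Length)


# Hypothetical signature (assumed, not from the paper): an ordered list of
# (direction, method, (min_size, max_size)) that must appear contiguously in
# one host/peer conversation.  Shape: small POST, tiny reply, small POST,
# larger reply.
SIGNATURE = [
    ("req", "POST", (160, 260)),
    ("resp", "-", (0, 40)),
    ("req", "POST", (160, 260)),
    ("resp", "-", (300, 2000)),
]

# Constructed sample traffic: 10.0.0.5 follows the pattern, 10.0.0.9 does not.
SAMPLE_LOG = """\
10.0.0.5 > 203.0.113.7 req POST 211
10.0.0.5 < 203.0.113.7 resp - 18
10.0.0.5 > 203.0.113.7 req POST 190
10.0.0.5 < 203.0.113.7 resp - 812
10.0.0.9 > 198.51.100.3 req GET 0
10.0.0.9 < 198.51.100.3 resp - 5120
10.0.0.9 > 198.51.100.3 req POST 211
10.0.0.9 < 198.51.100.3 resp - 5000
"""


def parse_log(text):
    """Parse the constructed log format into HttpMsg records."""
    msgs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, _arrow, peer, direction, method, size = line.split()
        msgs.append(HttpMsg(host, peer, direction, method, int(size)))
    return msgs


def _matches(window, signature):
    """True if the message window matches the signature element by element."""
    if len(window) != len(signature):
        return False
    for msg, (direction, method, (lo, hi)) in zip(window, signature):
        if msg.direction != direction or msg.method != method:
            return False
        if not lo <= msg.size <= hi:
            return False
    return True


def detect(msgs, signature=SIGNATURE):
    """Return sorted (host, peer) pairs whose conversation contains the signature."""
    convs = defaultdict(list)
    for m in msgs:  # messages are assumed to arrive in time order
        convs[(m.host, m.peer)].append(m)
    flagged = []
    n = len(signature)
    for key, seq in convs.items():
        for i in range(len(seq) - n + 1):  # sliding window over the conversation
            if _matches(seq[i:i + n], signature):
                flagged.append(key)
                break
    return sorted(flagged)


def drop_rule(host, peer, priority=1000):
    """OpenFlow-style match/action dict for the flagged flow.

    Illustrative shape only, not a real controller API: an empty action
    list means "drop" in OpenFlow.
    """
    return {
        "priority": priority,
        "match": {"eth_type": 0x0800, "ipv4_src": host, "ipv4_dst": peer,
                  "ip_proto": 6, "tcp_dst": 80},
        "actions": [],
    }


if __name__ == "__main__":
    for host, peer in detect(parse_log(SAMPLE_LOG)):
        print(f"flagged {host} -> {peer}: {drop_rule(host, peer)}")
```

Two practical caveats: matching only works on traffic whose message boundaries and body sizes are visible to the controller, so HTTPS command-and-control (where only TLS record sizes remain) would need a different feature set; and fixed size ranges are brittle against a family that pads or randomises its check-in payloads, which is why a deployment would pair such signatures with the tolerance and evaluation the paper describes.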
Similar sources
Identifying the software and their families using sequential pattern mining techniques in dynamic analysis
Nowadays, crypto-ransomware is considered one of the greatest threats in cybersecurity. Crypto ransomware removes data access by encrypting valuable data and demands a ransom payment to allow decryption. As ransomware is still new in the field of cybersecurity, there is little research focusing on detecting ransomware samples. Most published works considered system files and process...
An automated approach to analysis and classification of crypto-ransomware families
There is no doubt that malicious programs are one of the permanent threats to computer systems. Malicious programs disrupt the normal operation of computer systems to serve their roguish purposes. Meanwhile, there is also a type of malware known as ransomware that prevents victims from accessing their computer system, either by encrypting the victim's files or by locking the system. Despite ...
Extortion on the Internet: the Rise of Crypto-Ransomware
This article highlights the transition from traditional ransomware threats (ransomware 1.0) to new and more complex attacks (crypto-ransomware) targeting desktop computers. The article suggests that cybercriminals will capitalize on malicious code and target emerging and less-secured areas: mobile devices, M2M and the Internet of Things.
RAPPER: Ransomware Prevention via Performance Counters
Ransomware can produce direct and controllable economic loss, which makes it one of the most prominent threats in cyber security. As per the latest statistics, more than half of the malware reported in Q1 of 2017 was ransomware, and there is a real threat of novice cybercriminals accessing ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was intro...
Efficient Anomaly Detection Using Adaptive Monitoring in SDN
Network monitoring and measurement is a key task in today's networking scenarios due to increasing low-level intrusions. As resource utilization and network bandwidth grow, the attack surface available to intruders grows with them. Hence, to detect the anomalies introduced by intruders inside our network, a better anomaly detection mechanism needs to be implemented. Also, software-defined n...
Journal: CoRR
Volume: abs/1611.08294
Pages: -
Publication date: 2016