A 0-day aware crypto-ransomware early behavioral detection framework

Bander Ali Saleh Al-rimy; Mohd Aizaini Maarof; Syed Zainuddin Mohd Shaid

doi:10.1007/978-3-319-59427-9_78

A 0-day aware crypto-ransomware early behavioral detection framework

Bander Ali Saleh Al-rimy^*, Mohd Aizaini Maarof, Syed Zainuddin Mohd Shaid

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Crypto-Ransomware exploits cryptography to hijack personal files and documents and hold them to ransom. Utilizing such technological leap, crypto-ransomware targets a wide range of systems, and platforms. Although many users, whether individuals or organizations, practice proactive security procedures like regular backup, advanced crypto-ransomware can bypass these countermeasures rendering the valuable data vulnerable to such extortion attack. Due to the irreversible nature of its damage, thwarting crypto-ransomware becomes challenging. Although several studies have been conducted to tackle crypto-ransomware detection problem, most of them dealt with it from malware perspective. Such approach has deemed ineffective given the unique characteristics that distinguish this attack which necessitate the early discovery before encryption takes place. To this end, this paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.

Original language	English
Title of host publication	Recent Trends in Information and Communication Technology
Subtitle of host publication	Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017)
Editors	Faisal Saeed, Nadhmi Gazem, Srikanta Patnaik, Ali Saleh Saed Balaid, Fathey Mohammed
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	758-766
Number of pages	9
ISBN (Electronic)	9783319594279
ISBN (Print)	9783319594262
DOIs	https://doi.org/10.1007/978-3-319-59427-9_78 https://doi.org/10.1007/978-3-319-59427-9
Publication status	Published - 27 May 2017
Event	2nd International Conference of Reliable Information and Communication Technology 2017 (IRICT 2017) - Johor, Malaysia Duration: 23 Apr 2017 → 24 Apr 2017

Publication series

Name	Lecture Notes on Data Engineering and Communications Technologies
Volume	5
ISSN (Print)	2367-4512
ISSN (Electronic)	2367-4520

Conference

Conference	2nd International Conference of Reliable Information and Communication Technology 2017 (IRICT 2017)
Country/Territory	Malaysia
City	Johor
Period	23/04/17 → 24/04/17

Keywords

Bitcoin
Crypto-ransomware
Cryptography
Cybercurrency
Early detection
Locker-ransomware
Malware
Scareware

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

Cite this

Al-rimy, B. A. S., Maarof, M. A., & Shaid, S. Z. M. (2017). A 0-day aware crypto-ransomware early behavioral detection framework. In F. Saeed, N. Gazem, S. Patnaik, A. Saleh Saed Balaid, & F. Mohammed (Eds.), Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017) (pp. 758-766). (Lecture Notes on Data Engineering and Communications Technologies; Vol. 5). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-59427-9_78, https://doi.org/10.1007/978-3-319-59427-9

Al-rimy, Bander Ali Saleh ; Maarof, Mohd Aizaini ; Shaid, Syed Zainuddin Mohd. / A 0-day aware crypto-ransomware early behavioral detection framework. Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017). editor / Faisal Saeed ; Nadhmi Gazem ; Srikanta Patnaik ; Ali Saleh Saed Balaid ; Fathey Mohammed. Springer Science and Business Media Deutschland GmbH, 2017. pp. 758-766 (Lecture Notes on Data Engineering and Communications Technologies).

@inproceedings{6c66f18928d64567a727f9f8a5258524,

title = "A 0-day aware crypto-ransomware early behavioral detection framework",

abstract = "Crypto-Ransomware exploits cryptography to hijack personal files and documents and hold them to ransom. Utilizing such technological leap, crypto-ransomware targets a wide range of systems, and platforms. Although many users, whether individuals or organizations, practice proactive security procedures like regular backup, advanced crypto-ransomware can bypass these countermeasures rendering the valuable data vulnerable to such extortion attack. Due to the irreversible nature of its damage, thwarting crypto-ransomware becomes challenging. Although several studies have been conducted to tackle crypto-ransomware detection problem, most of them dealt with it from malware perspective. Such approach has deemed ineffective given the unique characteristics that distinguish this attack which necessitate the early discovery before encryption takes place. To this end, this paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.",

keywords = "Bitcoin, Crypto-ransomware, Cryptography, Cybercurrency, Early detection, Locker-ransomware, Malware, Scareware",

author = "Al-rimy, {Bander Ali Saleh} and Maarof, {Mohd Aizaini} and Shaid, {Syed Zainuddin Mohd}",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2018.; 2nd International Conference of Reliable Information and Communication Technology 2017 (IRICT 2017) ; Conference date: 23-04-2017 Through 24-04-2017",

year = "2017",

month = may,

day = "27",

doi = "10.1007/978-3-319-59427-9_78",

language = "English",

isbn = "9783319594262",

series = "Lecture Notes on Data Engineering and Communications Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "758--766",

editor = "Faisal Saeed and Nadhmi Gazem and Srikanta Patnaik and {Saleh Saed Balaid}, Ali and Fathey Mohammed",

booktitle = "Recent Trends in Information and Communication Technology",

address = "Germany",

}

Al-rimy, BAS, Maarof, MA & Shaid, SZM 2017, A 0-day aware crypto-ransomware early behavioral detection framework. in F Saeed, N Gazem, S Patnaik, A Saleh Saed Balaid & F Mohammed (eds), Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017). Lecture Notes on Data Engineering and Communications Technologies, vol. 5, Springer Science and Business Media Deutschland GmbH, pp. 758-766, 2nd International Conference of Reliable Information and Communication Technology 2017 (IRICT 2017), Johor, Malaysia, 23/04/17. https://doi.org/10.1007/978-3-319-59427-9_78, https://doi.org/10.1007/978-3-319-59427-9

A 0-day aware crypto-ransomware early behavioral detection framework. / Al-rimy, Bander Ali Saleh; Maarof, Mohd Aizaini; Shaid, Syed Zainuddin Mohd.
Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017). ed. / Faisal Saeed; Nadhmi Gazem; Srikanta Patnaik; Ali Saleh Saed Balaid; Fathey Mohammed. Springer Science and Business Media Deutschland GmbH, 2017. p. 758-766 (Lecture Notes on Data Engineering and Communications Technologies; Vol. 5).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A 0-day aware crypto-ransomware early behavioral detection framework

AU - Al-rimy, Bander Ali Saleh

AU - Maarof, Mohd Aizaini

AU - Shaid, Syed Zainuddin Mohd

N1 - Publisher Copyright: © Springer International Publishing AG 2018.

PY - 2017/5/27

Y1 - 2017/5/27

N2 - Crypto-Ransomware exploits cryptography to hijack personal files and documents and hold them to ransom. Utilizing such technological leap, crypto-ransomware targets a wide range of systems, and platforms. Although many users, whether individuals or organizations, practice proactive security procedures like regular backup, advanced crypto-ransomware can bypass these countermeasures rendering the valuable data vulnerable to such extortion attack. Due to the irreversible nature of its damage, thwarting crypto-ransomware becomes challenging. Although several studies have been conducted to tackle crypto-ransomware detection problem, most of them dealt with it from malware perspective. Such approach has deemed ineffective given the unique characteristics that distinguish this attack which necessitate the early discovery before encryption takes place. To this end, this paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.

AB - Crypto-Ransomware exploits cryptography to hijack personal files and documents and hold them to ransom. Utilizing such technological leap, crypto-ransomware targets a wide range of systems, and platforms. Although many users, whether individuals or organizations, practice proactive security procedures like regular backup, advanced crypto-ransomware can bypass these countermeasures rendering the valuable data vulnerable to such extortion attack. Due to the irreversible nature of its damage, thwarting crypto-ransomware becomes challenging. Although several studies have been conducted to tackle crypto-ransomware detection problem, most of them dealt with it from malware perspective. Such approach has deemed ineffective given the unique characteristics that distinguish this attack which necessitate the early discovery before encryption takes place. To this end, this paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.

KW - Bitcoin

KW - Crypto-ransomware

KW - Cryptography

KW - Cybercurrency

KW - Early detection

KW - Locker-ransomware

KW - Malware

KW - Scareware

UR - http://www.scopus.com/inward/record.url?scp=85090370683&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-59427-9_78

DO - 10.1007/978-3-319-59427-9_78

M3 - Conference contribution

AN - SCOPUS:85090370683

SN - 9783319594262

T3 - Lecture Notes on Data Engineering and Communications Technologies

SP - 758

EP - 766

BT - Recent Trends in Information and Communication Technology

A2 - Saeed, Faisal

A2 - Gazem, Nadhmi

A2 - Patnaik, Srikanta

A2 - Saleh Saed Balaid, Ali

A2 - Mohammed, Fathey

PB - Springer Science and Business Media Deutschland GmbH

T2 - 2nd International Conference of Reliable Information and Communication Technology 2017 (IRICT 2017)

Y2 - 23 April 2017 through 24 April 2017

ER -

Al-rimy BAS, Maarof MA, Shaid SZM. A 0-day aware crypto-ransomware early behavioral detection framework. In Saeed F, Gazem N, Patnaik S, Saleh Saed Balaid A, Mohammed F, editors, Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017). Springer Science and Business Media Deutschland GmbH. 2017. p. 758-766. (Lecture Notes on Data Engineering and Communications Technologies). doi: 10.1007/978-3-319-59427-9_78, 10.1007/978-3-319-59427-9

A 0-day aware crypto-ransomware early behavioral detection framework

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this