A proposed adaptive pre-encryption crypto-ransomware early detection model

Umara Urooj, Mohd Aizaini Bin Maarof, Bander Ali Saleh Al-Rimy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Crypto-ransomware is malware that uses the system's cryptography functions to encrypt user data. The irreversible effect of crypto-ransomware makes it more challenging to survive the attack than attacks by other malware categories. Once a crypto-ransomware attack has encrypted user files, it is difficult to access them without the decryption key. Due to the availability of ransomware development toolkits such as Ransomware as a Service (RaaS), many ransomware variants are being developed, which contributes to the rise in ransomware attacks witnessed nowadays. However, the conventional approaches employed by malware detection solutions are not suitable for detecting ransomware, because ransomware needs to be detected before the encryption takes place. These attacks can be handled effectively only if detected during the pre-encryption phase. Early detection of ransomware attacks is challenging due to the limited amount of data available before encryption. This paper proposes an adaptive pre-encryption model that is expected to deal with the population concept drift of crypto-ransomware given the limited amount of data collected during the pre-encryption phase of the attack lifecycle. With such adaptability, the model can maintain up-to-date knowledge of attack behavior and identify polymorphic ransomware that continuously changes its behavior.

Original language: English
Title of host publication: 2021 3rd International Cyber Resilience Conference, CRC 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 9781665418447
ISBN (Print): 9781665448239
Publication status: Published - 5 Apr 2021
Event: 3rd International Cyber Resilience Conference, CRC 2021 - Virtual, Langkawi Island, Malaysia
Duration: 29 Jan 2021 to 31 Jan 2021

Conference

Conference: 3rd International Cyber Resilience Conference, CRC 2021
Country/Territory: Malaysia
City: Virtual, Langkawi Island
Period: 29/01/21 to 31/01/21

Keywords

  • crypto-ransomware
  • detection
  • pre-encryption
  • ransomware
  • security
