Abstract
Ransomware is currently one of the most significant cyberthreats to both national infrastructure and the individual, often requiring severe treatment as an antidote. Triaging ran-somware based on its similarity with well-known ransomware samples is an imperative preliminary step in preventing a ransomware pandemic. Selecting the most appropriate triaging method can improve the precision of further static and dynamic analysis in addition to saving significant t ime a nd e ffort. Currently, the most popular and proven triaging methods are fuzzy hashing, import hashing and YARA rules, which can ascertain whether, or to what degree, two ransomware samples are similar to each other. However, the mechanisms of these three methods are quite different and their comparative assessment is difficult. Therefore, this paper presents an evaluation of these three methods for triaging the four most pertinent ransomware categories WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.
Original language | English |
---|---|
Title of host publication | 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE) |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Number of pages | 6 |
ISBN (Electronic) | 978-1-5386-1728-1 |
ISBN (Print) | 978-1-5386-1729-8 |
DOIs | |
Publication status | Published - 10 Oct 2019 |
Event | 2019 IEEE International Conference: Fuzzy Systems - New Orleans, United States Duration: 23 Jun 2019 → 26 Nov 2019 https://ieeexplore.ieee.org/xpl/conhome/8845563/proceeding |
Publication series
Name | Fuzzy Systems (FUZZ-IEEE) 2019 IEEE International Conference |
---|---|
Publisher | IEEE |
ISSN (Print) | 1558-4739 |
Conference
Conference | 2019 IEEE International Conference |
---|---|
Abbreviated title | FUZZ-IEEE |
Country/Territory | United States |
City | New Orleans |
Period | 23/06/19 → 26/11/19 |
Internet address |