A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Today, a significant threat to organisational information systems is ransomware, which can completely occlude an information system by denying access to its data. To reduce the exposure to and damage from ransomware attacks, organisations are obliged to concentrate explicitly on the threat of ransomware alongside their malware prevention strategy. In attempting to prevent the escalation of ransomware attacks, it is important to account for their polymorphic behaviour and the dispersion of inexhaustible versions. However, a number of ransomware samples are similar to one another because they are created by similar groups of threat actors. A particular threat actor or group often adopts similar practices or a similar codebase to create unlimited versions of its ransomware. As a result of these common traits and codebase, it is probable that new or unknown ransomware variants can be detected based on a comparison with their originating or existing samples. Therefore, this paper presents a detection method for ransomware that employs a similarity-preserving hashing method called fuzzy hashing. This detection method is applied to the collected WannaCry or WannaCryptor ransomware corpus using three fuzzy hashing methods, SSDEEP, SDHASH and mvHASH-B, to evaluate the similarity detection success rate of each method. Moreover, their fuzzy similarity scores are used to cluster the collected ransomware corpus, and the results are compared to determine the relative accuracy of the selected fuzzy hashing methods.
Original language: English
Title of host publication: 2019 International Symposium on Systems Engineering (ISSE)
Publisher: Institute of Electrical and Electronics Engineers
Number of pages: 6
ISBN (Electronic): 978-1-7281-1783-6
ISBN (Print): 978-1-7281-1784-3
Publication status: Published - 6 Feb 2020
Event: 2019 International Symposium on Systems Engineering (ISSE) - Edinburgh, United Kingdom
Duration: 1 Oct 2019 to 3 Oct 2019
https://ieeexplore.ieee.org/servlet/opac?punumber=8966755

Publication series

Name: IEEE ISSE Proceedings Series
Publisher: IEEE
ISSN (Print): 2687-881X
ISSN (Electronic): 2687-8828

Conference

Conference: 2019 International Symposium on Systems Engineering (ISSE)
Country: United Kingdom
City: Edinburgh
Period: 1/10/19 to 3/10/19

Documents

  • 1570559640

    Rights statement: © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Accepted author manuscript (Post-print), 252 KB, PDF document

ID: 19881727