A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Standard

A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems. / Naik, Nitin; Jenkins, Paul; Savage, Nick.

2019 International Symposium on Systems Engineering (ISSE). Institute of Electrical and Electronics Engineers, 2020. (IEEE ISSE Proceedings Series).

Harvard

Naik, N, Jenkins, P & Savage, N 2020, A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems. in 2019 International Symposium on Systems Engineering (ISSE). IEEE ISSE Proceedings Series, Institute of Electrical and Electronics Engineers, 2019 International Symposium on Systems Engineering (ISSE), Edinburgh, United Kingdom, 1/10/19. https://doi.org/10.1109/ISSE46696.2019.8984540

APA

Naik, N., Jenkins, P., & Savage, N. (2020). A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems. In 2019 International Symposium on Systems Engineering (ISSE) (IEEE ISSE Proceedings Series). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ISSE46696.2019.8984540

Vancouver

Naik N, Jenkins P, Savage N. A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems. In 2019 International Symposium on Systems Engineering (ISSE). Institute of Electrical and Electronics Engineers. 2020. (IEEE ISSE Proceedings Series). https://doi.org/10.1109/ISSE46696.2019.8984540

Author

Naik, Nitin ; Jenkins, Paul ; Savage, Nick. / A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems. 2019 International Symposium on Systems Engineering (ISSE). Institute of Electrical and Electronics Engineers, 2020. (IEEE ISSE Proceedings Series).

Bibtex

@inproceedings{0b7da6db183a4baa8625863c557300b6,
title = "A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems",
abstract = "Today, a significant threat to organisational information systems is ransomware that can completely occlude the information system by denying access to its data. To reduce this exposure and damage from ransomware attacks, organisations are obliged to concentrate explicitly on the threat of ransomware, alongside their malware prevention strategy. In attempting to prevent the escalation of ransomware attacks, it is important to account for their polymorphic behaviour and dispersion of inexhaustible versions. However, a number of ransomware samples possess similarity as they are created by similar groups of threat actors. A particular threat actor or group often adopts similar practices or codebase to create unlimited versions of their ransomware. As a result of these common traits and codebase, it is probable that new or unknown ransomware variants can be detected based on a comparison with their originating or existing samples. Therefore, this paper presents a detection method for ransomware by employing a similarity preserving hashing method called fuzzy hashing. This detection method is applied on the collected WannaCry or WannaCryptor ransomware corpus utilising three fuzzy hashing methods SSDEEP, SDHASH and mvHASH-B to evaluate the similarity detection success rate by each method. Moreover, their fuzzy similarity scores are utilised to cluster the collected ransomware corpus and its results are compared to determine the relative accuracy of the selected fuzzy hashing methods.",
keywords = "ransomware, similarity preserving hashing, fuzzy hashing, SSDEEP, SDHASH, mvHASH-B, k-means clustering, WannaCry, WannaCryptor",
author = "Nitin Naik and Paul Jenkins and Nick Savage",
year = "2020",
month = feb,
day = "6",
doi = "10.1109/ISSE46696.2019.8984540",
language = "English",
isbn = "978-1-7281-1784-3",
series = "IEEE ISSE Proceedings Series",
publisher = "Institute of Electrical and Electronics Engineers",
booktitle = "2019 International Symposium on Systems Engineering (ISSE)",
note = "2019 International Symposium on Systems Engineering (ISSE) ; Conference date: 01-10-2019 Through 03-10-2019",
url = "https://ieeexplore.ieee.org/servlet/opac?punumber=8966755",

}

RIS

TY - GEN

T1 - A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems

AU - Naik, Nitin

AU - Jenkins, Paul

AU - Savage, Nick

PY - 2020/2/6

Y1 - 2020/2/6

N2 - Today, a significant threat to organisational information systems is ransomware that can completely occlude the information system by denying access to its data. To reduce this exposure and damage from ransomware attacks, organisations are obliged to concentrate explicitly on the threat of ransomware, alongside their malware prevention strategy. In attempting to prevent the escalation of ransomware attacks, it is important to account for their polymorphic behaviour and dispersion of inexhaustible versions. However, a number of ransomware samples possess similarity as they are created by similar groups of threat actors. A particular threat actor or group often adopts similar practices or codebase to create unlimited versions of their ransomware. As a result of these common traits and codebase, it is probable that new or unknown ransomware variants can be detected based on a comparison with their originating or existing samples. Therefore, this paper presents a detection method for ransomware by employing a similarity preserving hashing method called fuzzy hashing. This detection method is applied on the collected WannaCry or WannaCryptor ransomware corpus utilising three fuzzy hashing methods SSDEEP, SDHASH and mvHASH-B to evaluate the similarity detection success rate by each method. Moreover, their fuzzy similarity scores are utilised to cluster the collected ransomware corpus and its results are compared to determine the relative accuracy of the selected fuzzy hashing methods.

AB - Today, a significant threat to organisational information systems is ransomware that can completely occlude the information system by denying access to its data. To reduce this exposure and damage from ransomware attacks, organisations are obliged to concentrate explicitly on the threat of ransomware, alongside their malware prevention strategy. In attempting to prevent the escalation of ransomware attacks, it is important to account for their polymorphic behaviour and dispersion of inexhaustible versions. However, a number of ransomware samples possess similarity as they are created by similar groups of threat actors. A particular threat actor or group often adopts similar practices or codebase to create unlimited versions of their ransomware. As a result of these common traits and codebase, it is probable that new or unknown ransomware variants can be detected based on a comparison with their originating or existing samples. Therefore, this paper presents a detection method for ransomware by employing a similarity preserving hashing method called fuzzy hashing. This detection method is applied on the collected WannaCry or WannaCryptor ransomware corpus utilising three fuzzy hashing methods SSDEEP, SDHASH and mvHASH-B to evaluate the similarity detection success rate by each method. Moreover, their fuzzy similarity scores are utilised to cluster the collected ransomware corpus and its results are compared to determine the relative accuracy of the selected fuzzy hashing methods.

KW - ransomware

KW - similarity preserving hashing

KW - fuzzy hashing

KW - SSDEEP

KW - SDHASH

KW - mvHASH-B

KW - k-means clustering

KW - WannaCry

KW - WannaCryptor

U2 - 10.1109/ISSE46696.2019.8984540

DO - 10.1109/ISSE46696.2019.8984540

M3 - Conference contribution

SN - 978-1-7281-1784-3

T3 - IEEE ISSE Proceedings Series

BT - 2019 International Symposium on Systems Engineering (ISSE)

PB - Institute of Electrical and Electronics Engineers

T2 - 2019 International Symposium on Systems Engineering (ISSE)

Y2 - 1 October 2019 through 3 October 2019

ER -

ID: 19881727