Open Repository for the Evaluation of Ransomware Detection Tools

Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation of these proposals has always been accomplished using sets of ransomware samples that are prepared locally for the research article, without making the data available. Different studies use different sets of samples and different evaluation metrics, resulting in insufficient comparability. In this paper, we describe a public data repository containing the file access operations of more than 70 ransomware samples during the encryption of a large network shared directory. These data have already been used successfully in the evaluation of a network-based ransomware detection algorithm. Now, we are making these data available to the community and describing their details, how they were captured, and how they can be used in the evaluation and comparison of the results of most ransomware detection techniques.
