Ransomware detection and mitigation using software-defined networking: The case of WannaCry

Abstract: Modern-day ransomware families implement sophisticated encryption and propagation schemes, leaving almost no chance of recovering the data. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threats. We present our ransomware analysis results and the SDN-based security framework we developed. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts in real time by adding flow table entries to OpenFlow switches. Finally, our experiments with multiple samples of WannaCry show that in all cases the developed mechanism promptly detects the infected machines and prevents WannaCry from spreading.
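As an added illustration (not code from the paper's framework), a minimal Python sketch of the detect-then-block loop the abstract describes: a controller-side monitor flags a host that fans out SMB (TCP/445) connection attempts to many peers within a short window, which is how WannaCry's worm component propagates, and emits an Open vSwitch `ovs-ofctl` drop entry for that host. The TCP/445 fan-out heuristic, the thresholds, the bridge name and the use of `ovs-ofctl` are assumptions; the abstract does not state which traffic features the paper's detector uses.

```python
"""Toy SDN detector: flags a host that fans out to many peers on TCP/445
within a short window and emits an OpenFlow drop rule for it (assumed heuristic)."""
from collections import defaultdict, deque
from dataclasses import dataclass

SMB_PORT = 445          # WannaCry's worm component spreads over SMB (TCP/445)
FANOUT_THRESHOLD = 10   # distinct destinations before a host is flagged (assumed)
WINDOW_SECONDS = 5.0    # sliding window length (assumed)

@dataclass(frozen=True)
class FlowEvent:
    ts: float      # seconds since monitoring started
    src: str
    dst: str
    dport: int

class FanOutDetector:
    """Tracks, per source host, the distinct TCP/445 destinations seen in the last window."""
    def __init__(self, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._events = defaultdict(deque)   # src -> deque of (ts, dst)
        self.blocked = set()

    def observe(self, ev):
        """Feed one flow record; return an OpenFlow rule string if the source should be blocked."""
        if ev.dport != SMB_PORT or ev.src in self.blocked:
            return None
        q = self._events[ev.src]
        q.append((ev.ts, ev.dst))
        while q and ev.ts - q[0][0] > self.window:   # evict records older than the window
            q.popleft()
        if len({dst for _, dst in q}) >= self.threshold:
            self.blocked.add(ev.src)
            return drop_rule(ev.src)
        return None

def drop_rule(src_ip, bridge="br0", priority=1000):
    """ovs-ofctl command installing a high-priority drop entry for the source host (bridge name assumed)."""
    return f'ovs-ofctl add-flow {bridge} "priority={priority},ip,nw_src={src_ip},actions=drop"'

# Constructed sample: 10.0.0.7 probes 12 neighbours on 445 within 1.2 s; 10.0.0.3 is benign.
SAMPLE = [FlowEvent(0.1 * i, "10.0.0.7", f"10.0.0.{100 + i}", 445) for i in range(12)]
SAMPLE += [FlowEvent(0.5, "10.0.0.3", "10.0.0.200", 445), FlowEvent(0.6, "10.0.0.3", "10.0.0.201", 80)]

def run(events):
    """Replay events in time order and collect every rule the detector emits."""
    det = FanOutDetector()
    return [r for r in (det.observe(ev) for ev in sorted(events, key=lambda e: e.ts)) if r]
```

Running `run(SAMPLE)` yields a single drop rule for 10.0.0.7, installed at the tenth distinct 445 destination; later flows from that host are ignored because it is already blocked.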
