论文信息 - Ransomware protection using the moving target defense perspective

Ransomware protection using the moving target defense perspective

Abstract Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim’s important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.

[1] Patrick Traynor,et al. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[2] Leyla Bilge,et al. Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks , 2015, DIMVA.

[3] Gianluca Stringhini,et al. PayBreak: Defense Against Cryptographic Ransomware , 2017, AsiaCCS.

[4] Stefano Zanero,et al. HelDroid: Dissecting and Detecting Mobile Ransomware , 2015, RAID.

[5] Wojciech Mazurczyk,et al. Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics , 2016, Comput. Electr. Eng..

[6] Alessandro Barenghi,et al. ShieldFS: a self-healing, ransomware-aware filesystem , 2016, ACSAC.

[7] Jin B. Hong,et al. Scalable Security Models for Assessing Effectiveness of Moving Target Defenses , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[8] William W. Streilein,et al. Moving Target Techniques: Leveraging Uncertainty for Cyber Defense , 2015 .

[9] Engin Kirda,et al. UNVEIL: A large-scale, automated approach to detecting ransomware (keynote) , 2016, SANER.