A Survey on Detection Techniques for Cryptographic Ransomware

Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for a ransom to recover the hijacked documents. It is a cyber threat that targets both companies and residential users, and has spread in recent years because of its lucrative results. Several articles have presented classifications of ransomware families and their typical behaviour. These insights have stimulated the creation of detection techniques for antivirus and firewall software. However, because the ransomware scene evolves quickly and aggressively, these studies soon become outdated. In this study, we surveyed the detection techniques that the research community has developed in recent years. We compared the different approaches and classified the algorithms based on the input data they obtain from ransomware actions and the decision procedures they use to classify an application as benign or malicious. This is a detailed survey that focuses on detection algorithms, in contrast to most previous studies, which offer a survey of ransomware families or isolated proposals of detection algorithms. We also compared the results of these proposals.
