VoterChoice: A ransomware detection honeypot with multiple voting framework

This research presents a novel framework, comprising an IPS gateway, an analysis system, and a honeypot, for identifying and detecting ransomware. It is based on the client honeypot concept and on active interception of downloads using the Suricata inline intrusion prevention system. Unlike previous frameworks that report on the accuracy rate of detecting ransomware, the proposed framework features a multiple voting platform for validating confidence levels in the detection accuracy rates. The proposed framework achieves higher accuracy levels than other machine learning models for the detection of ransomware.
