In-Depth Analysis of Ransom Note Files

Cited by: 2
Authors
Lemmou, Yassine [1]
Lanet, Jean-Louis [2]
Souidi, El Mamoun [1]
Affiliations
[1] Mohammed V Univ Rabat, Fac Sci, LabMIASI BP, BP 1014 RP, Rabat 10000, Morocco
[2] INRIA, LHS PEC, F-35042 Rennes, France
Keywords
ransomware; ransom note file; detection; identification; Latent Semantic Analysis; Machine Learning
DOI
10.3390/computers10110145
Chinese Library Classification number
TP39 [Computer applications]
Discipline classification code
081203; 0835
Abstract
During recent years, many papers have been published on ransomware, but to the best of our knowledge, no previous academic studies have been conducted on ransom note files. In this paper, we present the results of an in-depth study on filenames and the content of ransom files. We propose a prototype to identify the ransom files. Then we explore how the filenames and the content of these files can minimize the risk of ransomware encryption of some specified ransomware or increase the effectiveness of some ransomware detection tools. To achieve these objectives, two approaches are discussed in this paper. The first uses Latent Semantic Analysis (LSA) to check similarities between the contents of files. The second uses some Machine Learning models to classify the filenames into two classes: ransom filenames and benign filenames.
Pages: 25