In-Depth Analysis of Ransom Note Files

Cited by: 2
Authors
Lemmou, Yassine [1]
Lanet, Jean-Louis [2]
Souidi, El Mamoun [1]
Affiliations
[1] Mohammed V Univ Rabat, Fac Sci, LabMIASI BP, BP 1014 RP, Rabat 10000, Morocco
[2] INRIA, LHS PEC, F-35042 Rennes, France
Keywords
ransomware; ransom note file; detection; identification; Latent Semantic Analysis; Machine Learning
DOI
10.3390/computers10110145
Chinese Library Classification number
TP39 [Computer applications]
Discipline classification code
081203; 0835
Abstract
During recent years, many papers have been published on ransomware, but to the best of our knowledge, no previous academic studies have been conducted on ransom note files. In this paper, we present the results of an in-depth study on filenames and the content of ransom files. We propose a prototype to identify the ransom files. Then we explore how the filenames and the content of these files can minimize the risk of ransomware encryption of some specified ransomware or increase the effectiveness of some ransomware detection tools. To achieve these objectives, two approaches are discussed in this paper. The first uses Latent Semantic Analysis (LSA) to check similarities between the contents of files. The second uses some Machine Learning models to classify the filenames into two classes: ransom filenames and benign filenames.
Pages: 25