عرض بسيط للتسجيلة

المؤلفKenan, Begovic
المؤلفAl-Ali, Abdulaziz
المؤلفMalluhi, Qutaibah
تاريخ الإتاحة2023-11-23T07:09:12Z
تاريخ النشر2023-09-30
اسم المنشورComputers & Security
المعرّفhttp://dx.doi.org/10.1016/j.cose.2023.103349
الاقتباسBegovic, K., Al-Ali, A., & Malluhi, Q. (2023). Cryptographic ransomware encryption detection: Survey. Computers & Security, 103349.‏
الرقم المعياري الدولي للكتاب01674048
معرّف المصادر الموحدhttps://www.sciencedirect.com/science/article/pii/S0167404823002596
معرّف المصادر الموحدhttp://hdl.handle.net/10576/49617
الملخصThe ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications.
اللغةen
الناشرElsevier
الموضوعRansomware
Cybersecurity
Crypto-ransomware
Encryption
Kill-chain
Survey
العنوانCryptographic ransomware encryption detection: Survey
النوعArticle
رقم المجلد132
Open Access user License http://creativecommons.org/licenses/by/4.0/
dc.accessType Open Access


الملفات في هذه التسجيلة

Thumbnail

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة