Show simple item record

AuthorKenan, Begovic
AuthorAl-Ali, Abdulaziz
AuthorMalluhi, Qutaibah
Available date2023-11-23T07:09:12Z
Publication Date2023-09-30
Publication NameComputers & Security
Identifierhttp://dx.doi.org/10.1016/j.cose.2023.103349
CitationBegovic, K., Al-Ali, A., & Malluhi, Q. (2023). Cryptographic ransomware encryption detection: Survey. Computers & Security, 103349.‏
ISSN01674048
URIhttps://www.sciencedirect.com/science/article/pii/S0167404823002596
URIhttp://hdl.handle.net/10576/49617
AbstractThe ransomware threat has loomed over our digital life since 1989. Criminals use this type of cyber attack to lock or encrypt victims' data, often coercing them to pay exorbitant amounts in ransom. The damage ransomware causes ranges from monetary losses paid for ransom at best to endangering human lives. Cryptographic ransomware, where attackers encrypt the victim's data, stands as the predominant ransomware variant. The primary characteristics of these attacks have remained the same since the first ransomware attack. For this reason, we consider this a key factor differentiating ransomware from other cyber attacks, making it vital in tackling the threat of cryptographic ransomware. This paper proposes a cyber kill chain that describes the modern crypto-ransomware attack. The survey focuses on the Encryption phase as described in our proposed cyber kill chain and its detection techniques. We identify three main methods used in detecting encryption-related activities by ransomware, namely API and System calls, I/O monitoring, and file system activities monitoring. Machine learning (ML) is a tool used in all three identified methodologies, and some of the issues within the ML domain related to this survey are also covered as part of their respective methodologies. The survey of selected proposals is conducted through the prism of those three methodologies, showcasing the importance of detecting ransomware during pre-encryption and encryption activities and the windows of opportunity to do so. We also examine commercial crypto-ransomware protection and detection offerings and show the gap between academic research and commercial applications.
Languageen
PublisherElsevier
SubjectRansomware
Cybersecurity
Crypto-ransomware
Encryption
Kill-chain
Survey
TitleCryptographic ransomware encryption detection: Survey
TypeArticle
Volume Number132
Open Access user License http://creativecommons.org/licenses/by/4.0/
dc.accessType Open Access


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record