Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. (February 2018)
- Record Type:
- Journal Article
- Title:
- Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. (February 2018)
- Main Title:
- Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics
- Authors:
- Cabaj, Krzysztof
Gregorczyk, Marcin
Mazurczyk, Wojciech
- Abstract:
- Ransomware is currently one of the key threats facing individuals and corporate Internet users. Especially dangerous is crypto ransomware that encrypts important user data, and it is only possible to recover it once a ransom has been paid. Therefore, devising efficient and effective countermeasures is a pressing necessity. In this paper we present a novel Software-Defined Networking (SDN) based detection approach that utilizes the characteristics of the ransomware communication. Based on an observation of network communication between two crypto ransomware families, namely CryptoWall and Locky, we conclude that an analysis of the HTTP message sequences and their respective content sizes is enough to detect such threats. We show the feasibility of our approach by designing and evaluating a proof-of-concept SDN-based detection system. The experimental results confirm that the proposed approach is feasible and efficient.
- Is Part Of:
- Computers & electrical engineering. Volume 66(2018)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 66(2018)
- Issue Display:
- Volume 66, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 66
- Issue:
- 2018
- Issue Sort Value:
- 2018-0066-2018-0000
- Page Start:
- 353
- Page End:
- 368
- Publication Date:
- 2018-02
- Subjects:
- Ransomware -- Malware -- Software-defined networking -- Network security
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2017.10.012
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 9055.xml