Ransomware protection using the moving target defense perspective. (September 2019)
- Record Type:
- Journal Article
- Title:
- Ransomware protection using the moving target defense perspective. (September 2019)
- Main Title:
- Ransomware protection using the moving target defense perspective
- Authors:
- Lee, Suhyeon
Kim, Huy Kang
Kim, Kyounggon
- Abstract:
- Highlights: We analyzed the ransomware attack process in four phases, which are receiving a key from the attacker's server, finding target files, generating an encryption key, and encrypting target files. Our approach can be a "game changer" to respond to ransomware; we provide a brand-new preventive measure beyond traditional detection measures by randomly and continuously changing file extensions. To the best of our knowledge, this approach is the first preemptive measure to respond to ransomware by applying the Moving Target Defense method. Experiments with our approach have shown that we can effectively protect important files from ransomware attacks. In our experiment, we could protect important files from 141 of the 143 ransomware samples in four ransomware families. We consider usability and compatibility for most personal computer environments. Our approach requires minimal computational power so as not to result in performance degradation; also, it does not need to deploy additional security software to apply the proposed method.
Abstract: Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim's important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has become more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.
- Is Part Of:
- Computers & electrical engineering. Volume 78(2019)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 78(2019)
- Issue Display:
- Volume 78, Issue 2019 (2019)
- Year:
- 2019
- Volume:
- 78
- Issue:
- 2019
- Issue Sort Value:
- 2019-0078-2019-0000
- Page Start:
- 288
- Page End:
- 299
- Publication Date:
- 2019-09
- Subjects:
- Ransomware -- Malware -- Moving target defense -- File extension -- Randomization
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2019.07.014
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 23131.xml