Crypto-Ransomware and Their Defenses: In-depth Behavioral Characterization, Discussion of Deployability, and New Insights

• URL: http://arxiv.org/abs/2306.02270v4
• Date: Mon, 18 Nov 2024 17:16:34 GMT
• Title: Crypto-Ransomware and Their Defenses: In-depth Behavioral Characterization, Discussion of Deployability, and New Insights
• Authors: Wenjia Song, Sanjula Karanam, Ya Xiao, Jingyuan Qi, Nathan Dautenhahn, Na Meng, Elena Ferrari, Danfeng, Yao,
• Abstract summary: We review 117 published ransomware defense works, categorize them by the level they are implemented at, and discuss the deployability. To provide more insights, we quantitively characterize the runtime behaviors of real-world ransomware samples. Our findings help the field understand the deployability of ransomware defenses and create more effective, practical solutions.
• Score: 5.994215456058968
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Crypto-ransomware has caused an unprecedented scope of impact in recent years with an evolving level of sophistication. An extensive range of studies have been on defending against ransomware and reviewing the efficacy of various protections. However, for practical defenses, deployability holds equal significance as detection accuracy. Therefore, in this study, we review 117 published ransomware defense works, categorize them by the level they are implemented at, and discuss the deployability. API-based solutions are easy to deploy and most existing works focus on machine learning-based classification. To provide more insights, we quantitively characterize the runtime behaviors of real-world ransomware samples. Based on our experimental findings, we present a possible future detection direction with our consistency analysis and API-contrast-based refinement. Moreover, we experimentally evaluate various commercial defenses and identify the security gaps. Our findings help the field understand the deployability of ransomware defenses and create more effective, practical solutions.

Related papers

• SAFARI: a Scalable Air-gapped Framework for Automated Ransomware Investigation [37.762832978020896]
  SAFARI is an open-source framework designed for safe and efficient ransomware analysis. We demonstrate SAFARI's capabilities by building a proof-of-concept implementation and using it to run two case studies.
  arXiv  Detail & Related papers  (2025-04-10T15:44:13Z)
• Hierarchical Polysemantic Feature Embedding for Autonomous Ransomware Detection [0.0]
  The evolution of ransomware requires the development of more sophisticated detection techniques. The proposed framework embeds ransomware-relevant features into a non-Euclidean space. Experimental evaluations demonstrated that the framework consistently outperformed conventional machine learning-based models. The proposed method maintains a balance between detection performance and processing overhead, making it a viable candidate for real-world cybersecurity applications.
  arXiv  Detail & Related papers  (2025-02-09T21:46:36Z)
• Hierarchical Pattern Decryption Methodology for Ransomware Detection Using Probabilistic Cryptographic Footprints [0.0]
  The framework combines advanced clustering algorithms with machine learning to isolate ransomware-induced anomalies. It effectively distinguishes malicious encryption operations from benign activities while maintaining low false positive rates. The inclusion of real-time anomaly evaluation ensures rapid response capabilities, addressing critical latency challenges in ransomware detection.
  arXiv  Detail & Related papers  (2025-01-25T05:26:17Z)
• A Survey of Defenses against AI-generated Visual Media: Detection, Disruption, and Authentication [15.879482578829489]
  Deep generative models have demonstrated impressive performance in various computer vision applications. These models may be used for malicious purposes, such as misinformation, deception, and copyright violation. This paper provides a systematic and timely review of research efforts on defenses against AI-generated visual media.
  arXiv  Detail & Related papers  (2024-07-15T09:46:02Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey [114.17568992164303]
  Adrial attacks and defenses in machine learning and deep neural network have been gaining significant attention. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks.
  arXiv  Detail & Related papers  (2023-03-11T04:19:31Z)
• Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
  We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers. Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods. Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
  arXiv  Detail & Related papers  (2022-07-20T19:49:09Z)
• Detecting Ransomware Execution in a Timely Manner [0.0]
  In recent times ransomware has spread from traditional computational resources to cyber-physical systems and industrial controls. We devised a series of experiments in which virtual instances are infected with ransomware. We design a change point detection and learning method for identifying ransomware execution.
  arXiv  Detail & Related papers  (2022-01-12T11:40:59Z)
• Adversarial Machine Learning In Network Intrusion Detection Domain: A Systematic Review [0.0]
  It has been found that deep learning models are vulnerable to data instances that can mislead the model to make incorrect classification decisions. This survey explores the researches that employ different aspects of adversarial machine learning in the area of network intrusion detection.
  arXiv  Detail & Related papers  (2021-12-06T19:10:23Z)
• Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
  We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically. Our method learns the in adversarial attacks parameterized by a recurrent neural network. We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
  arXiv  Detail & Related papers  (2021-10-13T13:54:24Z)
• Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv  Detail & Related papers  (2021-01-28T16:38:26Z)
• A survey on practical adversarial examples for malware classifiers [0.17767466724342065]
  Deep neural networks have been found to be vulnerable to adversarial examples. This vulnerability can be exploited to create evasive malware samples. We review practical attacks against malware classifiers that generate adversarial malware examples.
  arXiv  Detail & Related papers  (2020-11-06T17:07:34Z)
• Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
  Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security. In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
  arXiv  Detail & Related papers  (2020-01-13T13:54:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.