Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware as a Service(RaaS) Malwares
- URL: http://arxiv.org/abs/2601.13873v1
- Date: Tue, 20 Jan 2026 11:40:58 GMT
- Title: Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware as a Service(RaaS) Malwares
- Authors: Sharmila S P,
- Abstract summary: Signature based intrusion detection is still on role suffering from the scarcity of RaaS packet signatures.<n>We have analysed RaaS samples by network forensic approach to investigate on packet captures of benign and malicious network traffic.<n>More than 40% of packets are found malicious in this experiment.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In the current era of interconnected cyberspace, there is an adverse effect of ransomware on individuals, startups, and large companies. Cybercriminals hold digital assets till the demand for payment is made. The success of ransomware upsurged with the introduction of Ransomware as a Service(RaaS) franchise in the darknet market. Obfuscation and polymorphic nature of malware make them more difficult to identify by Antivirus system. Signature based intrusion detection is still on role suffering from the scarcity of RaaS packet signatures. We have analysed RaaS samples by network forensic approach to investigate on packet captures of benign and malicious network traffic. The behavior analysis of RaaS family Ransomwares, Ryuk and Gandcrab have been investigated to classify the packets as suspicious, malicious, and non-malicious which further aid in generating RaaS packet signatures for early detection and mitigation of ransomwares belonging to RaaS family. More than 40\% of packets are found malicious in this experiment. The proposed method is also verified by Virus Total API Approach. Further, the proposed approach is recommended for integration into honeypots in the present scenario to combat with data scarcity concerned with malware samples(RaaS). This data will be helpful in developing AI-based threat intelligence mechanisms. In turn enhance detection, prevention of threats, incident response and risk assessment.
Related papers
- Malice in Agentland: Down the Rabbit Hole of Backdoors in the AI Supply Chain [82.98626829232899]
Fine-tuning AI agents on data from their own interactions introduces a critical security vulnerability within the AI supply chain.<n>We show that adversaries can easily poison the data collection pipeline to embed hard-to-detect backdoors.
arXiv Detail & Related papers (2025-10-03T12:47:21Z) - Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files.<n>We formalize our attack paradigm into two stages, including initial infection and persistence.<n>We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z) - Evasive Ransomware Attacks Using Low-level Behavioral Adversarial Examples [0.0]
This paper introduces the concept of low-level behavioral adversarial examples and its threat model of evasive ransomware.<n>We formulate the method and the threat model to generate the optimal source code of evasive malware.<n>We then examine the method using the leaked source code of Conti ransomware with the micro-behavior control function.
arXiv Detail & Related papers (2025-08-12T05:45:28Z) - SAFARI: a Scalable Air-gapped Framework for Automated Ransomware Investigation [37.762832978020896]
SAFARI is an open-source framework designed for safe and efficient ransomware analysis.<n>We demonstrate SAFARI's capabilities by building a proof-of-concept implementation and using it to run two case studies.
arXiv Detail & Related papers (2025-04-10T15:44:13Z) - Assessing and Prioritizing Ransomware Risk Based on Historical Victim Data [0.0]
We present an approach to identifying which ransomware adversaries are most likely to target specific entities.<n>Ransomware poses a formidable cybersecurity threat characterized by profit-driven motives, a complex underlying economy supporting criminal syndicates, and the overt nature of its attacks.
arXiv Detail & Related papers (2025-02-06T15:57:56Z) - Unveiling Malware Patterns: A Self-analysis Perspective [15.517313565392852]
VisUnpack is a static analysis-based data visualization framework for bolstering attack prevention and aiding recovery post-attack.<n>Our method includes unpacking packed malware programs, calculating local similarity descriptors based on basic blocks, enhancing correlations between descriptors, and refining them by minimizing noises.<n>Our comprehensive evaluation of VisUnpack based on a freshly gathered dataset with over 27,106 samples confirms its capability in accurately classifying malware programs with a precision of 99.7%.
arXiv Detail & Related papers (2025-01-10T16:04:13Z) - MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z) - Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z) - Ransomware Detection and Classification using Machine Learning [7.573297026523597]
This study uses the XGBoost and Random Forest (RF) algorithms to detect and classify ransomware attacks.
The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware.
arXiv Detail & Related papers (2023-11-05T18:16:53Z) - DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified
Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z) - Being Single Has Benefits. Instance Poisoning to Deceive Malware
Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.