
Behaviour Based Ransomware Detection

10 pages. Published: March 13, 2019

Abstract

Ransomware is an ever-increasing threat in the world of cyber security, targeting vulnerable users and companies, but what is lacking is an easier way to group ransomware and to devise practical and easy solutions which everyday users can utilise.
In this paper we look at the different characteristics of ransomware and present preventative techniques to tackle these ransomware attacks. More specifically, our techniques are based on ransomware behaviour, as opposed to the signature-based detection used by most anti-malware software. We further discuss the implementation of these techniques and their effectiveness. We have tested the techniques on four prominent ransomware strains: WannaCry, TeslaCrypt, Cerber and Petya. In this paper we discuss how our techniques dealt with these ransomware strains and the performance impact of these techniques.

Keyphrases: acl authentication, behaviour, behaviour based detection, file entropy, file monitoring, ransomware

In: Gordon Lee and Ying Jin (editors). Proceedings of 34th International Conference on Computers and Their Applications, vol 58, pages 127-136.

BibTeX entry
@inproceedings{CATA2019:Behaviour_Based_Ransomware_Detection,
  author    = {Christopher Chew and Vimal Kumar},
  title     = {Behaviour Based Ransomware Detection},
  booktitle = {Proceedings of 34th International Conference on Computers and Their Applications},
  editor    = {Gordon Lee and Ying Jin},
  series    = {EPiC Series in Computing},
  volume    = {58},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {/publications/paper/l6hl},
  doi       = {10.29007/t5q7},
  pages     = {127-136},
  year      = {2019}}