A Signature-based Ransomware Detection and Automated Data Backup to Safeguard the System from Ransomware Attack

Authors

  • Srijita Bhattacharjee, Department of Computer Engineering, Ramrao Adik Institute of Technology, D.Y. Patil Deemed to be University, Nerul, Navi Mumbai, 400706, Maharashtra, India; Department of Computer Engineering, Pillai HOC College of Engineering and Technology, University of Mumbai
  • Dhananjay Dakhane, Department of Computer Engineering, Ramrao Adik Institute of Technology, D.Y. Patil Deemed to be University, Nerul, Navi Mumbai, 400706, Maharashtra, India

Keywords:

Ransomware, Automated backup, Signature-based analysis, Ransomware variants, Backup

Abstract

Ransomware attacks have emerged as a serious cybersecurity concern, causing significant financial losses and data breaches in a variety of industries. To tackle this threat, a reliable and efficient detection system is essential. To improve protection against ransomware attacks, this paper proposes a ransomware detection mechanism coupled with an automated backup method. To identify and isolate malicious code, our system uses signature-based analysis, leveraging a large database of known ransomware signatures. The system can quickly identify files by comparing them against these ransomware signatures, allowing for quick response and backup. This method is successful in recognising known ransomware variants with high accuracy. In addition, the incorporation of an automated backup process supplements the detection system by maintaining data integrity and availability. When ransomware samples are detected, the system immediately creates backups in secure storage. The ability to swiftly restore affected files from the backup repository reduces the motivation for attackers to demand ransom payments in the case of an attack involving ransomware.


Published

24.03.2024

How to Cite

Bhattacharjee, S., & Dakhane, D. (2024). A Signature-based Ransomware Detection and Automated Data Backup to Safeguard the System from Ransomware Attack. International Journal of Intelligent Systems and Applications in Engineering, 12(18s), 714–721. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/5035

Section

Research Article