
An Adaptive Security Architecture for Detecting Ransomware Attack Using Open Source Software

  • Conference paper
Advances in Information and Communication (FICC 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1129))

Abstract

Ransomware is a serious security threat faced by organizations and individuals today, and ransomware attacks are on the increase. There is no infallible solution for protecting against ransomware, as the malware code uses metamorphic and polymorphic algorithms to generate different versions, thus evading signature detection. Ransomware also uses domain generation algorithms (DGA) to generate new domains for the command and control (C&C) server, constantly exploits new vulnerabilities, and uses various infection vectors. Thus, for an organization to protect itself, an adaptive security architecture is required to constantly monitor the network so as to detect a new ransomware infection at an early stage, such that it can be blocked before encryption of files occurs. This is a defence-in-depth approach that supplements existing network defences such as patch management, anti-virus software, intrusion detection, firewalls, and content filtering. A framework for the implementation of the adaptive security architecture model using open source software is presented, and the proposed framework is tested against the WannaCry and Petya ransomware. The proposed framework was successfully able to alert on the ransomware attack and, by the use of the AppLocker feature on Windows, it was even possible to prevent the Petya ransomware from executing on the victim host.



Corresponding author

Correspondence to Sandhya Armoogum.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Caliaberah, P.B., Armoogum, S., Li, X. (2020). An Adaptive Security Architecture for Detecting Ransomware Attack Using Open Source Software. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_45
