Abstract
Ransomware is a serious security threat faced by organizations and individuals today, and ransomware attacks are on the increase. There is no infallible solution for protecting against ransomware: the malware code uses metamorphic and polymorphic algorithms to generate different versions and thus evades signature-based detection. Ransomware also uses domain generation algorithms (DGA) to generate new domains for its command and control (C&C) server, constantly exploits new vulnerabilities, and uses various infection vectors. Thus, for an organization to protect itself, an adaptive security architecture is required that constantly monitors the network so as to detect a new ransomware infection at an early stage, such that it can be blocked before encryption of files occurs. This is a defence-in-depth approach which supplements existing network defences such as patch management, anti-virus software, intrusion detection, firewalls, and content filtering. A framework for implementing the adaptive security architecture model using open source software is presented, and the proposed framework is tested against the WannaCry and Petya ransomware. The proposed framework was able to alert on the ransomware attacks and, by use of the AppLocker feature on Windows, it was even possible to prevent the Petya ransomware from executing on the victim host.
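The abstract names AppLocker as the control that stopped Petya from executing on the victim host. The following PowerShell is an added illustration, not the paper's configuration, of how such an allow-list for the Exe rule collection is built, tested offline against a sample binary, and (optionally) enforced; rule names, GUIDs and the sample file path are constructed, while the SIDs are the well-known Everyone, BUILTIN\Administrators and BUILTIN\Users identifiers.

```powershell
# Added example (not from the paper): minimal AppLocker Exe policy that allows
# programs under Program Files and the Windows folder, lets local Administrators
# run anything, and relies on AppLocker's deny-by-default for everything else
# (e.g. an executable dropped into a user-writable folder such as %TEMP%).
# Rule GUIDs/names are constructed; SIDs are the standard well-known values.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="a7f0d3b2-0000-4000-8000-000000000001" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a7f0d3b2-0000-4000-8000-000000000002" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a7f0d3b2-0000-4000-8000-000000000003" Name="Allow Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
# Caveat: in production, add explicit Deny rules for user-writable subfolders
# under %WINDIR%, otherwise the broad allow rule above covers them too.

$policyPath = Join-Path $env:TEMP 'applocker-exe-policy.xml'   # constructed path
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Constructed sample: a copy of a legitimate binary placed in a user-writable
# folder stands in for a payload dropped there. Test as BUILTIN\Users (not admin).
$samplePath = Join-Path $env:TEMP 'sample-dropped.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" -Destination $samplePath -Force

$results = Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path $samplePath, "$env:WINDIR\System32\notepad.exe" -User 'S-1-5-32-545'
$results | Select-Object FilePath, PolicyDecision, MatchingRule | Format-Table -AutoSize
# Expected: the %TEMP% copy is DeniedByDefaultRule; the System32 original is Allowed.

# Enforcement is opt-in here. Start with EnforcementMode="AuditOnly" in the XML
# and review event log 'Microsoft-Windows-AppLocker/EXE and DLL' before enabling.
$Apply = $false
if ($Apply) {
    sc.exe config appidsvc start= auto | Out-Null   # Application Identity service must run
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
}
```

Run from an elevated PowerShell session; `Test-AppLockerPolicy` evaluates the XML without changing the machine, so the decision table can be inspected before `$Apply` is ever set.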
© 2020 Springer Nature Switzerland AG
Caliaberah, P.B., Armoogum, S., Li, X. (2020). An Adaptive Security Architecture for Detecting Ransomware Attack Using Open Source Software. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_45
DOI: https://doi.org/10.1007/978-3-030-39445-5_45
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39444-8
Online ISBN: 978-3-030-39445-5
eBook Packages: Intelligent Technologies and Robotics (R0)