Abstract
This paper presents an analytical study of one specific type of malware: ransomware. Recent events all over the globe mark ransomware as a growing threat, because it encrypts the victim's targeted data and withholds the decryption key until a fair amount of ransom is paid, generally in cryptocurrency. Its new variants also keep appearing with better and stronger implementations that stay undetected by anti-malware software and intrusion detection systems. The idea for this paper was to develop an early detection system dedicated to ransomware. We took a dynamic malware analysis approach. A behavioral study was done on 300 downloaded ransomware samples, and also by writing our own ransomware and understanding its background working (for the Windows platform) and general modus operandi. Sets of behavioral indicators and the Microsoft Detours library were used to hook Windows API call sequences, understand run-time behavior, and filter ransomware out from benign software. The outcome of the present work is an automated framework that can be used to protect a user's system from ransomware.
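The abstract describes scoring hooked Windows API call sequences against behavioral indicators to separate ransomware from benign software and to raise the alarm early. The following is an added illustration of that idea, not code from the paper: it assumes the call trace has already been collected by a hooking layer (Detours or similar), and the two traces, the indicator n-grams, their weights and the threshold are all constructed assumptions rather than the paper's indicator set.

```python
from collections import Counter, deque
from itertools import islice

# Constructed call traces standing in for what a hook layer would log
# (API names only; a real trace also carries arguments and timestamps).
RANSOMWARE_LIKE = (
    ["CryptAcquireContextW", "CryptGenKey", "FindFirstFileW"]
    + ["FindNextFileW", "CreateFileW", "ReadFile", "CryptEncrypt",
       "WriteFile", "MoveFileW"] * 12
    + ["CryptExportKey", "InternetOpenW"]
)
BENIGN_EDITOR = (
    ["CreateFileW", "ReadFile", "CloseHandle"]
    + ["GetMessageW", "DispatchMessageW"] * 20
    + ["CreateFileW", "WriteFile", "CloseHandle"]
)

# Behavioral indicators (assumed for this example, not the paper's list):
# call n-grams weighted by how strongly they suggest an encrypt-and-replace loop.
INDICATORS = {
    ("CryptAcquireContextW", "CryptGenKey"): 2,
    ("ReadFile", "CryptEncrypt", "WriteFile"): 3,
    ("CryptEncrypt", "WriteFile", "MoveFileW"): 3,
}

def ngrams(seq, n):
    """All length-n windows of seq, in order."""
    return zip(*(islice(seq, i, None) for i in range(n)))

def score(trace, indicators=INDICATORS):
    """Weighted indicator hits per 100 API calls, so a long benign trace
    full of ordinary file I/O is not penalised for its length."""
    counts = Counter()
    for n in {len(g) for g in indicators}:
        counts.update(ngrams(trace, n))
    hits = sum(w * counts[g] for g, w in indicators.items())
    return 100.0 * hits / max(len(trace), 1)

def classify(trace, threshold=20.0):
    return "ransomware" if score(trace) >= threshold else "benign"

def first_alert(trace, window=24, threshold=20.0):
    """Early-detection variant: re-score a sliding window as calls arrive and
    return the 0-based index of the call at which the alert fires, else None."""
    recent = deque(maxlen=window)
    for i, call in enumerate(trace):
        recent.append(call)
        if len(recent) == window and score(list(recent)) >= threshold:
            return i
    return None
```

On the constructed traces the ransomware-like sequence is flagged after 24 calls, well before its 77-call trace completes, while the editor trace never trips the threshold.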
© 2019 Springer Nature Singapore Pte Ltd.
Sharma, H., Kant, S. (2019). Early Detection of Ransomware by Indicator Analysis and WinAPI Call Sequence Pattern. In: Satapathy, S., Joshi, A. (eds) Information and Communication Technology for Intelligent Systems . Smart Innovation, Systems and Technologies, vol 107. Springer, Singapore. https://doi.org/10.1007/978-981-13-1747-7_20
DOI: https://doi.org/10.1007/978-981-13-1747-7_20
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1746-0
Online ISBN: 978-981-13-1747-7
eBook Packages: Intelligent Technologies and Robotics (R0)