Affiliation:
1. College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
2. Department of Computer Science, University of Idaho, Moscow, ID 83844, USA
Abstract
Ransomware is a type of malware that employs encryption to target user files, rendering them inaccessible without a decryption key. To combat ransomware, researchers have developed early detection models that seek to identify threats before encryption takes place, often by monitoring the initial calls to cryptographic APIs. However, because encryption is a standard computational activity involved in processes such as packing, unpacking, and polymorphism, the presence of cryptographic APIs does not necessarily indicate an imminent ransomware attack. Hence, relying solely on cryptographic APIs is insufficient for accurately determining a ransomware pre-encryption boundary. To address this issue, this paper proposes a Temporal Data Correlation method that associates cryptographic APIs with I/O Request Packets (IRPs) based on their timestamps to delineate the pre-encryption boundary. The process extracts various features from the pre-encryption dataset for use in training the early detection model. Several machine learning and deep learning classifiers are used to evaluate the accuracy of the proposed solution. Preliminary results show that the proposed approach can achieve higher detection accuracy than those reported elsewhere.
Subject
Electrical and Electronic Engineering; Biochemistry; Instrumentation; Atomic and Molecular Physics, and Optics; Analytical Chemistry
Cited by
6 articles.