STUDY OF THE STRUCTURE OF THE SYSTEM FOR DETECTING AND PREVENTING RANSOMWARE ATTACKS BASED ON ENDPOINT DETECTION AND RESPONSE-Reference-Cited by-同舟云学术

STUDY OF THE STRUCTURE OF THE SYSTEM FOR DETECTING AND PREVENTING RANSOMWARE ATTACKS BASED ON ENDPOINT DETECTION AND RESPONSE

Published:2023 Issue:19 Volume:3 Page:69-82
ISSN:2663-4023
Container-title:Cybersecurity: Education, Science, Technique
language:
Short-container-title:Cybersecurity

Author:

Zhuravchak Danyil^ORCID,Dudykevych Valerii^ORCID,Tolkachova Anastasiia^ORCID

Abstract

The paper discusses the challenges and limitations of current ransomware detection and prevention systems, as well as potential future developments in the field. One key challenge is the constantly evolving nature of ransomware attacks, which requires systems to be regularly updated and adapted to stay effective. Another challenge is the need for systems to be able to distinguish between legitimate and malicious software, as well as different types of ransomware. To address these challenges, the paper proposes a number of functional and non-functional requirements for ransomware detection and counteraction systems. These include the ability to detect and respond to attacks in real time or close to it, the ability to analyze and classify different types of ransomware, and the ability to integrate with other security systems and tools. Additionally, non-functional requirements such as scalability, performance, and security should also be considered.The paper also presents a detailed analysis of the different types of ransomware detection and counteraction systems currently available, including intrusion detection systems (IDS), endpoint detection and response (EDR), and modern antiviruses. It also provides a comparison of their strengths and weaknesses, and a classification of existing solutions according to their similarity. Finally, the paper presents an evaluation algorithm for assessing the quality of products for detecting and countering ransomware. The algorithm is based on a set of functional and non-functional requirements and is designed to provide a comprehensive and objective assessment of the capabilities of different systems. The algorithm is validated through a series of tests and experiments, which demonstrate its effectiveness in identifying the best solutions for detecting and countering ransomware. Overall, this paper provides valuable insights and practical guidance for organizations looking to improve their defenses against ransomware attacks.

Publisher

Borys Grinchenko Kyiv University

Subject

General Medicine

Reference12 articles.

1. ESET - official website. Eset antivirus programs in Ukraine. ESET. https://www.eset.com/ua/

2. Now Available: Cisco Security Connector for iOS. Cisco Blogs. https://blogs.cisco.com/security/now-available-cisco-security-connector-for-ios

3. SentinelOne. Autonomous AI Endpoint Security Platform. SentinelOne DE. https://www.sentinelone.com/

4. Majors, C., Miranda, G., Fong-Jones, L. (2022). Observability Engineering: Achieving Production Excellence. O'Reilly Media, Incorporated.

5. A New Paradigm For Cyber Threat Hunting. (2018, 11 of June). The Hacker News. https://thehackernews.com/2018/06/cyber-threat-hunting.html

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Real-Time Ransomware Detection by Using eBPF and Natural Language Processing and Machine Learning;2023 IEEE 5th International Conference on Advanced Information and Communication Technologies (AICT);2023-11-21

2. ZERO TRUST CONCEPT FOR ACTIVE DIRECTORY PROTECTION TO DETECT RANSOMWARE;Cybersecurity: Education, Science, Technique;2023

3. AN INTEGRATED APPROACH TO CYBERSECURITY AND CYBERCRIME INVESTIGATION OF CRITICAL INFRASTRUCTURE THROUGH A RANSOMWARE INCIDENT MONITORING SYSTEM;Cybersecurity: Education, Science, Technique;2023