Danyil Zhuravchak, V. Dudykevych, Anastasiia Tolkachova
{"title":"STUDY OF THE STRUCTURE OF THE SYSTEM FOR DETECTING AND PREVENTING RANSOMWARE ATTACKS BASED ON ENDPOINT DETECTION AND RESPONSE","authors":"Danyil Zhuravchak, V. Dudykevych, Anastasiia Tolkachova","doi":"10.28925/2663-4023.2023.19.6982","DOIUrl":null,"url":null,"abstract":"The paper discusses the challenges and limitations of current ransomware detection and prevention systems, as well as potential future developments in the field. One key challenge is the constantly evolving nature of ransomware attacks, which requires systems to be regularly updated and adapted to stay effective. Another challenge is the need for systems to be able to distinguish between legitimate and malicious software, as well as different types of ransomware. To address these challenges, the paper proposes a number of functional and non-functional requirements for ransomware detection and counteraction systems. These include the ability to detect and respond to attacks in real time or close to it, the ability to analyze and classify different types of ransomware, and the ability to integrate with other security systems and tools. Additionally, non-functional requirements such as scalability, performance, and security should also be considered.The paper also presents a detailed analysis of the different types of ransomware detection and counteraction systems currently available, including intrusion detection systems (IDS), endpoint detection and response (EDR), and modern antiviruses. It also provides a comparison of their strengths and weaknesses, and a classification of existing solutions according to their similarity. Finally, the paper presents an evaluation algorithm for assessing the quality of products for detecting and countering ransomware. The algorithm is based on a set of functional and non-functional requirements and is designed to provide a comprehensive and objective assessment of the capabilities of different systems. The algorithm is validated through a series of tests and experiments, which demonstrate its effectiveness in identifying the best solutions for detecting and countering ransomware. Overall, this paper provides valuable insights and practical guidance for organizations looking to improve their defenses against ransomware attacks.","PeriodicalId":198390,"journal":{"name":"Cybersecurity: Education, Science, Technique","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity: Education, Science, Technique","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28925/2663-4023.2023.19.6982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The paper discusses the challenges and limitations of current ransomware detection and prevention systems, as well as potential future developments in the field. One key challenge is the constantly evolving nature of ransomware attacks, which requires systems to be regularly updated and adapted to stay effective. Another challenge is the need for systems to be able to distinguish between legitimate and malicious software, as well as different types of ransomware. To address these challenges, the paper proposes a number of functional and non-functional requirements for ransomware detection and counteraction systems. These include the ability to detect and respond to attacks in real time or close to it, the ability to analyze and classify different types of ransomware, and the ability to integrate with other security systems and tools. Additionally, non-functional requirements such as scalability, performance, and security should also be considered.The paper also presents a detailed analysis of the different types of ransomware detection and counteraction systems currently available, including intrusion detection systems (IDS), endpoint detection and response (EDR), and modern antiviruses. It also provides a comparison of their strengths and weaknesses, and a classification of existing solutions according to their similarity. Finally, the paper presents an evaluation algorithm for assessing the quality of products for detecting and countering ransomware. The algorithm is based on a set of functional and non-functional requirements and is designed to provide a comprehensive and objective assessment of the capabilities of different systems. The algorithm is validated through a series of tests and experiments, which demonstrate its effectiveness in identifying the best solutions for detecting and countering ransomware. Overall, this paper provides valuable insights and practical guidance for organizations looking to improve their defenses against ransomware attacks.