Crypto-Ransomware Detection Using Selective Hashing

Anas AlMajali, Ahmad Qaffaf, Natali Alkayid, Y. Wadhawan
Published in: 2022 International Conference on Electrical and Computing Technologies and Applications (ICECTA), 2022-11-23
DOI: 10.1109/ICECTA57148.2022.9990424 (https://doi.org/10.1109/ICECTA57148.2022.9990424)
Citations: 2

Abstract

Ransomware is malicious software that attempts to encrypt the user's files and demands a ransom in exchange for decrypting them. This malware may have catastrophic impacts on the availability of data and consequently on the services provided by the infected organizations and institutes. Ransomware detection has been a challenge for researchers in the past few years. In this paper, we propose a behavioral ransomware detection method that utilizes fast selective hashing techniques. By selective we mean that only a few selected blocks from a file are used for similarity comparison. Our experimental results demonstrate the efficacy of the proposed method in ransomware detection in terms of detection time. For 1000 files of a total size of 20GB and a detection threshold set to five files, our proposed system is able to detect ransomware on average within 2.76 seconds, saving 99.5% of the total files without consuming many system resources or affecting the user experience.