research-article

Public Access

Ran$Net: An Anti-Ransomware Methodology based on Cache Monitoring and Deep Learning

Authors:

Yunsi FeiAuthors Info & Claims

GLSVLSI '22: Proceedings of the Great Lakes Symposium on VLSI 2022

Pages 487 - 492

https://doi.org/10.1145/3526241.3530830

Published: 06 June 2022 Publication History

PDF eReader

Abstract

Ransomware has become a serious threat in the cyberspace. Existing software pattern-based malware detectors are specific for certain ransomware and may not capture new variants. Recognizing a common essential behavior of ransomware - employing local cryptographic software for malicious encryption and therefore leaving footprints on the victim machine's caches, this work proposes an anti-ransomware methodology, Ran$Net, based on hardware activities. It consists of a passive cache monitor to log suspicious cache activities, and a follow-on non-profiled deep learning analysis strategy to retrieve the secret cryptographic key from the timing traces generated by the monitor. We implement the first of its kind tool to combat an open-source ransomware and successfully recover the secret key.

Supplementary Material

MP4 File (GSLVLSI_2022.mp4)

A short video for Ran$Net. Ran$Net is An Anti-Ransomware Methodology based on Cache Monitoring and Deep Learning. It consists of a passive cache monitor to log suspicious cache activities, and a follow-on non-profiled deep learning analysis strategy to retrieve the secret cryptographic key from the timing traces generated by the monitor.

Download
27.38 MB

References

[1]

Internet Crime Complaint Center. 2021. Internet Crime report 2020. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.

Google Scholar

[2]

Casey Crane. 2020. Recent ransomware attacks. https://www.thesslstore.com/blog/recent-ransomware-attacks-latest-ransomware-attack-news/.

Google Scholar

[3]

P. R. Lakshmi Eswari and N. Sarat Chandra Babu. 2012. A practical business security framework to combat malware threat. In World Congress on Internet Security (WorldCIS-2012). 77--80.

Google Scholar

[4]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: A Fast and Stealthy Cache Attack. In Detection of Intrusions and Malware, and Vulnerability Assessment. 279--299.

Google Scholar

[5]

Kai Huang, Yanfang Ye, and Qinshan Jiang. 2009. ISMCS: An intelligent instruction sequence based malware categorization system. In 2009 3rd International Conference on Anti-counterfeiting, Security, and Identification in Communication. 509--512. https://doi.org/10.1109/ICASID.2009.5276989

Crossref

Google Scholar

[6]

Jonghoon Kwon and Heejo Lee. 2012. BinGraph: Discovering mutant malware using hierarchical semantic signatures. In 2012 7th International Conference on Malicious and Unwanted Software. 104--111. https://doi.org/10.1109/MALWARE.2012.6461015

Digital Library

Google Scholar

[7]

Philip O'Kane, Sakir Sezer, and Kieran McLaughlin. 2011. Obfuscation: The Hidden Malware. IEEE Security Privacy 9, 5 (2011), 41--47. https://doi.org/10.1109/MSP.2011.98

Digital Library

Google Scholar

[8]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache Attacks and Countermeasures: The Case of AES. In Topics in Cryptology, David Pointcheval (Ed.). 1--20.

Google Scholar

[9]

Colin Percival. 2005. Cache Missing for Fun and Profit. In In Proc. of BSDCan.

Google Scholar

[10]

Benjamin Timon. 2019. Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Transactions on Cryptographic Hardware and Embedded Systems (2019), 107--131.

Google Scholar

[11]

Xabier Ugarte-Pedrero, Mariano Graziano, and Davide Balzarotti. 2019. A Close Look at a Daily Dataset of Malware Samples. ACM Trans. Priv. Secur. 22, 1, Article 6 (jan 2019), 30 pages. https://doi.org/10.1145/3291061

Digital Library

Google Scholar

[12]

Leon Voerman. 2021. Open-Source Ransomware As A Service for Linux, MacOS and Windows. https://github.com/leonv024/RAASNet.

Google Scholar

[13]

Wei Yan, Zheng Zhang, and Nirwan Ansari. 2008. Revealing Packed Malware. IEEE Security Privacy 6, 5 (2008), 65--69. https://doi.org/10.1109/MSP.2008.126

Digital Library

Google Scholar

[14]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security Symp. 719--732. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom

Google Scholar

Cited By

View all

McIntosh TSusnjak TLiu TXu DWatters PLiu DHao YNg AHalgamuge M(2024)Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data ExfiltrationACM Computing Surveys10.1145/369134057:1(1-40)Online publication date: 7-Oct-2024
https://dl.acm.org/doi/10.1145/3691340
Wadho SYichiet AGan MLee CAli SAkbar R(2024)Ransomware Detection Techniques Using Machine Learning Methods2024 IEEE 1st Karachi Section Humanitarian Technology Conference (KHI-HTC)10.1109/KHI-HTC60760.2024.10482228(1-6)Online publication date: 8-Jan-2024
https://doi.org/10.1109/KHI-HTC60760.2024.10482228

Index Terms

Ran$Net: An Anti-Ransomware Methodology based on Cache Monitoring and Deep Learning
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures
  2. Software and application security
    1. Software security engineering

Recommendations

Preventing Ransomware: Understand, prevent, and remediate ransomware attacks
Ransomware early detection using deep reinforcement learning on portable executable header
Abstract
With the increasing number of ransomware attacks on critical infrastructures, there is an urgent need to develop effective systems that can detect ransomware early. In order to achieve this objective, many detection solutions rely on machine ...
A Review on Android Ransomware Detection Using Deep Learning Techniques
MEDES '19: Proceedings of the 11th International Conference on Management of Digital EcoSystems

In the past few years Android becomes prominent operating systems attracting many people. It is not only attracting users but also attackers to implement and spread malicious data onto our phones or tablets. Android Ransomware is one of the most ...

Comments

Information & Contributors

Information

Published In

GLSVLSI '22: Proceedings of the Great Lakes Symposium on VLSI 2022

June 2022

560 pages

ISBN:9781450393225

DOI:10.1145/3526241

General Chairs:
Ioannis Savidis
Drexel University, USA
,
Avesta Sasan
University of California, Davis, USA
,
Program Chairs:
Himanshu Thapliyal
University of Tennessee, Knoxville, USA
,
Ronald F. DeMara
University of Central Florida, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation
Center for Hardware and Embedded System Security and Trust

Conference

GLSVLSI '22

Sponsor:

SIGDA

GLSVLSI '22: Great Lakes Symposium on VLSI 2022

June 6 - 8, 2022

CA, Irvine, USA

Acceptance Rates

Overall Acceptance Rate 312 of 1,156 submissions, 27%

Upcoming Conference

GLSVLSI '25

Sponsor:
sigda

Great Lakes Symposium on VLSI 2025

June 30 - July 2, 2025

New Orleans , LA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
261
Total Downloads

Downloads (Last 12 months)128
Downloads (Last 6 weeks)23

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

McIntosh TSusnjak TLiu TXu DWatters PLiu DHao YNg AHalgamuge M(2024)Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data ExfiltrationACM Computing Surveys10.1145/369134057:1(1-40)Online publication date: 7-Oct-2024
https://dl.acm.org/doi/10.1145/3691340
Wadho SYichiet AGan MLee CAli SAkbar R(2024)Ransomware Detection Techniques Using Machine Learning Methods2024 IEEE 1st Karachi Section Humanitarian Technology Conference (KHI-HTC)10.1109/KHI-HTC60760.2024.10482228(1-6)Online publication date: 8-Jan-2024
https://doi.org/10.1109/KHI-HTC60760.2024.10482228

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Preventing Ransomware: Understand, prevent, and remediate ransomware attacks

Ransomware early detection using deep reinforcement learning on portable executable header

A Review on Android Ransomware Detection Using Deep Learning Techniques

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF

eReader

Login options

Full Access

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Preventing Ransomware: Understand, prevent, and remediate ransomware attacks

Ransomware early detection using deep reinforcement learning on portable executable header

A Review on Android Ransomware Detection Using Deep Learning Techniques

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations