2.1 Malware Detection Based On Opcode Frequency (2016)
2.4 A Novel Method for Recovery from Crypto Ransomware Infections (2016)
This research paper was presented by Mattias Wecksten, Jan Frick, Andreas Sjostrom and Eric Jarpe (Halmstad University, Sweden) at the 2nd IEEE International Conference on Computer and Communications in 2016. In this research paper the authors address crypto ransomware not only in terms of prevention but also focus on how to recreate the files. By renaming the system tool that handles shadow copies it is possible to recover from infections by all four of the most common crypto ransomwares. The solution is packaged in a single, easy-to-use script. The solution presented in this paper should be implemented alongside other recommended techniques, such as an updated antivirus, a properly configured firewall, an updated operating system and software, and a proper backup scheme.
2.10 Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-
Means Clustering (2019)
This research paper was presented by Nitin Naik and Paul Jenkins (Defence School of Communications and Information Systems, U.K.), Nick Savage (School of Computing, University of Portsmouth, U.K.) and Longzhi Yang (Department of Computer and Information Sciences, Northumbria University, U.K.) at IEEE Cyberthreat Hunting.
This paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques, fuzzy hashing and fuzzy c-means (FCM) clustering. The performance of the proposed fuzzy method is compared against k-means clustering, and the two fuzzy hashing methods SSDEEP and SDHASH are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.
Summary table (columns: Publication/year, Title, Author, Overview, Challenges)

Publication/year: International Conference on Advanced Communication Control and Computing Technologies (ICACCCT) & IEEE 2016
Title: Malware Detection Based On Opcode Frequency
Author: Abhijit Yewale & Maninder Singh, Computer Science and Engineering Department, Thapar University
Overview: They proposed a new method to detect malware based on the frequency of opcodes in the portable executable file. This research applied a machine learning algorithm to find false positives, false negatives, true positives and true negatives for malware. The success rate is 96.67%.
Challenges: Signature-based antivirus systems are not useful for unknown malware detection and face difficulties because of polymorphic viruses and zero-day attacks. Signature-based methods along with a machine learning algorithm should be developed for unknown malware. They classified portable executable (PE) files into two categories only, goodware and malware; they should classify further into Trojan, Spyware, Backdoor etc.

Publication/year: Cybersecurity and Cyber Forensics Conference & IEEE 2016
Title: Detecting Ransomware with Honeypot Techniques
Author: Chris Moore, Computing and Media Services, University of St Mark & St John, Plymouth, England
Overview: They researched techniques to implement a honeypot to detect ransomware activity and selected two options: the File Screening service of the Microsoft File Server Resource Manager feature, and EventSentry to manipulate the Windows Security logs. The research developed a staged response to attacks on the system, along with thresholds for when they are triggered. The research ascertained that witness tripwire files offer limited value as there is no way to influence the malware to access the area containing the monitored files.
Challenges: While it is possible to deploy honeypot-type fake folders with tripwire files for ransomware to interact with, the nature of the decoy folders is that there is no guarantee the malware would attempt to invade these areas, therefore bypassing this defense. This limited view of a system is a disadvantage of honeypots, as a honeypot free from attack alerts is not an indicator that other areas are not being targeted.

Publication/year: 2016 2nd IEEE International Conference on Computer and Communications
Title: A Novel Method for Recovery from Crypto Ransomware Infections
Author: Mattias Wecksten, Jan Frick, Andreas Sjostrom, Eric Jarpe, Halmstad University, Sweden
Overview: Addresses crypto ransomware not only in terms of prevention but also focuses on how to recreate the files. By renaming the system tool that handles shadow copies it is possible to recover from infections by all four of the most common crypto ransomwares. The solution is packaged in a single, easy-to-use script.
Challenges: The results show that with proper preventive measures the files encrypted by one of the four most commonly available crypto ransomwares can easily and automatically be restored to a state before the encryption occurred. The solution presented in this paper should be implemented alongside other recommended techniques, such as an updated antivirus, a properly configured firewall, an updated operating system and software, and a proper backup scheme.

Publication/year: IEEE 2018
Title: Ransomware Detection by Mining API Call Usage
Author: Shina Sheen, Ashwitha Yadav, Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Coimbatore, India
Overview: Application Programming Interface (API) calls are extracted from the executables and the most discriminating API calls are used to train a classifier to detect unknown ransomware. It is seen that Random Forest with SMOTE for class imbalance has given a detection rate of over 98%. A large number of ransomware samples have been analyzed and the discriminating API calls have been identified.
Challenges: The number of ransomware samples from VirusShare was very large, so the benign files became a minority class, which may lead to a class imbalance problem. Features extracted through dynamic analysis are also to be considered.

Publication/year: 4th International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics (AEEICB-18)
Title: Strategies for Ransomware Removal and Prevention
Author: Smruti Saxena, Hemant Kumar Soni, Department of Computer Science and Engineering, Amity School of Engineering and Technology, Amity University Madhya Pradesh, Gwalior
Overview: This paper explores the various ransomware attacks. In this paper they discuss the analysis of ransomware and the suggested action against ransomware attacks. This paper also discusses ransomware removal and prevention methodology.
Challenges: Users can avoid ransomware infections by updating the vaccination system from time to time. However, this method has limited efficacy: this approach cannot trace modified ransomware with a new pattern. Hence an active instead of a passive prevention method is required.

Publication/year: IEEE 2017
Title: Detection and Prevention of Crypto-Ransomware
Author: Daniel Gonzalez and Thaier Hayajneh, Fordham Center for Cybersecurity, Fordham University, New York, NY, USA
Overview: It discusses ransomware methods of infection, the technology behind it and what can be done to help prevent becoming the next victim. The paper investigates the most common types of crypto-ransomware, various payload methods of infection and the typical behavior of crypto ransomware.
Challenges: They do not give any specific technique for prevention or recovery. They have not used any specific dataset or method but tested already existing methods without suggesting new changes.

Publication/year: 16th International ISC Conference on Information Security and Cryptology (ISCISC 2019)
Title: Ransomware Detection Using Process Mining and Classification Algorithms
Author: Ala Bahrani, Amir Jalaly Bidgly, Department of Computer Engineering and IT, University of Qom, Iran
Overview: The proposed method uses process mining to discover the process model from the event logs, then extracts features from this process model and uses these features with classification algorithms to classify ransomware. This paper shows that the use of classification algorithms along with process mining can be suitable to identify ransomware.
Challenges: It concludes that J48 and random forest algorithms have the best accuracy to be used as the classifier in the proposed method. The study's use of process mining and classification algorithms could be useful for identifying other ransomware. The proposed method can be extended to identify other malware, and can also be extended to various operating systems such as Android, iOS etc.

Publication/year: 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)
Title: An Intelligent Behavior-Based Ransomware Detection System for Android Platform
Author: Abdulrahman Alzahrani, Hani Alshahrani, Ali Alshehri and Huirong Fu, Department of Computer Science and Engineering, Oakland University, Rochester, Michigan 48309
Overview: This paper introduces RanDetector, a new automated and lightweight system for detecting ransomware applications on the Android platform based on their behavior. In particular, this detection system investigates the appearance of some information that is related to ransomware operations in an inspected application before integrating some supervised machine learning models to classify the application.
Challenges: To increase RanDetector's precision, different types of information should be added to the dataset to increase the number of features by considering dynamic analysis. Also, other supervised classification machine learning algorithms should be taken into consideration to guarantee optimal precision and accuracy.

Publication/year: IEEE 2019 Cyberthreat Hunting - Part 1
Title: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules
Author: Nitin Naik & Paul Jenkins, Defence School of Communications and Information Systems, U.K.; Nick Savage, School of Computing, University of Portsmouth, U.K.; Longzhi Yang, Department of Computer and Information Sciences, Northumbria University, U.K.
Overview: This paper presents an evaluation of fuzzy hashing, import hashing and YARA rules for triaging the four most pertinent ransomware categories: WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.
Challenges: This paper presents an evaluation of fuzzy hashing, import hashing and YARA rules for triaging the four most pertinent ransomware categories WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.

Publication/year: IEEE 2019 Cyberthreat Hunting - Part 2
Title: Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering
Author: Nitin Naik & Paul Jenkins, Defence School of Communications and Information Systems, U.K.; Nick Savage, School of Computing, University of Portsmouth, U.K.; Longzhi Yang, Department of Computer and Information Sciences, Northumbria University, U.K.
Overview: This paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques, fuzzy hashing and fuzzy c-means (FCM) clustering. The performance of the proposed fuzzy method is compared against k-means clustering, and the two fuzzy hashing methods SSDEEP and SDHASH are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.
Challenges: This evaluation found some of the lowest values of performance metrics for the SDHASH method, which indicated poor data quality (i.e. insignificant similarity scores). This was verified through manual analysis of the SDHASH results. It was discovered that several SDHASH similarity scores are trivial and in the range of 1 to 10%; this could have affected the evaluation metrics and quality of clustering.
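The fuzzy c-means step described in section 2.10 and in the last table row, as an added example that is not code from the Naik et al. paper: a pure-Python FCM run over constructed rows of fuzzy-hash similarity scores, with Bezdek's partition coefficient used to show why a score matrix holding only trivial (1 to 10%) scores clusters poorly. Representing each sample by its similarity scores against a set of reference samples is an assumption of this example, not something the paper specifies.

```python
import random

# Constructed input (not the paper's data): each row is one ransomware sample,
# each column its fuzzy-hash similarity score (0-100) against one reference
# sample. Rows 0-2 resemble reference 0, rows 3-5 resemble reference 1.
STRONG_SCORES = [[96, 4, 2], [88, 7, 0], [91, 3, 5],
                 [5, 90, 2], [8, 85, 4], [2, 94, 1]]
# Constructed rows holding only trivial scores (1-10%): no family structure.
TRIVIAL_SCORES = [[3, 4, 5], [4, 5, 3], [5, 3, 4],
                  [3, 5, 4], [4, 3, 5], [5, 4, 3]]

def fcm(data, c, m=2.0, iters=200, tol=1e-6, seed=0):
    """Fuzzy c-means (Bezdek): returns (centroids, membership matrix u[i][j])."""
    rng = random.Random(seed)
    n, d = len(data), len(data[0])
    u = []
    for _ in range(n):  # random initial memberships, each row summing to 1
        row = [rng.random() for _ in range(c)]
        u.append([v / sum(row) for v in row])
    for _ in range(iters):
        # centroid j is the mean of all samples weighted by u[i][j] ** m
        centroids = []
        for j in range(c):
            w = [u[i][j] ** m for i in range(n)]
            centroids.append([sum(w[i] * data[i][k] for i in range(n)) / sum(w)
                              for k in range(d)])
        # membership of sample i in cluster j from inverse distance ratios
        new_u = []
        for i in range(n):
            dist = [max(sum((x - y) ** 2 for x, y in zip(data[i], cj)) ** 0.5, 1e-12)
                    for cj in centroids]
            new_u.append([1.0 / sum((dist[j] / dist[l]) ** (2 / (m - 1))
                                    for l in range(c)) for j in range(c)])
        delta = max(abs(new_u[i][j] - u[i][j]) for i in range(n) for j in range(c))
        u = new_u
        if delta < tol:
            break
    return centroids, u

def hard_labels(u):
    """Assign each sample to the cluster with its highest membership."""
    return [max(range(len(row)), key=row.__getitem__) for row in u]

def partition_coefficient(u):
    """Bezdek's PC validity index: 1.0 for a crisp partition, 1/c when fully fuzzy."""
    return sum(v * v for row in u for v in row) / len(u)
```

The strong-score rows separate into two crisp families (PC close to 1), while the trivial-score rows produce a much fuzzier partition, which is the effect the paper attributes to SDHASH's low similarity scores.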