Ransomware deployment methods and analysis: views from a predictive model and human responses
Crime Science, published 2019-02-12, DOI: 10.1186/s40163-019-0097-9
Gavin Hull, Henna John, Budi Arief

Ransomware incidents have increased dramatically in the past few years. The number of ransomware variants is also growing, which makes signature- and heuristic-based detection harder to apply effectively, because the attack vectors ransomware uses keep changing. To combat ransomware, we therefore need a better understanding of how it is deployed, what its characteristics are, and how potential victims may react to an incident. This paper addresses that challenge by investigating 18 families of ransomware, leading to a model for categorising ransomware behavioural characteristics that can then be used to improve the detection and handling of ransomware incidents. The categorisation was done with respect to the stages of ransomware deployment, using a predictive model we developed called Randep. The stages are fingerprint, propagate, communicate, map, encrypt, lock, delete and threaten. Analysing the samples gathered for the predictive model gave insight into the stages and timeline of ransomware execution. We also carried out a study of how potential victims (individuals, as well as IT support staff at universities and SMEs) detected that ransomware was being deployed on their machines, what steps they took to investigate the incident, and how they responded to the attack. Both quantitative and qualitative data were collected through questionnaires and in-depth interviews. The results shed light on the most common attack methods, the most targeted operating systems and the infection symptoms, as well as recommended defence mechanisms. This information can be used in future to create behavioural patterns for improved ransomware detection and response.
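The abstract names the eight Randep stages and says that analysing sample executions yields a stage timeline. The following Python is an added illustration, not code from the paper or the Randep model itself: it maps a constructed sandbox-style event log onto the eight stage names and builds a first-seen timeline per stage, then applies a simple "map before encrypt" heuristic. The event format, the indicator-to-stage table and the sample log are all assumptions made for this example; the paper's own mapping of observed behaviour to stages is not reproduced on this page.

```python
"""Toy stage classifier for the Randep stages listed in the abstract.

Added example (not the paper's code). The event format, the indicator
table and the sample logs below are constructed for illustration.
"""
import os
import re
from collections import Counter, OrderedDict

# The eight Randep stages, in the order the abstract lists them.
STAGES = ["fingerprint", "propagate", "communicate", "map",
          "encrypt", "lock", "delete", "threaten"]

# ASSUMPTION: a hypothetical indicator-to-stage table for this example.
INDICATORS = {
    "GetComputerName": "fingerprint", "GetVolumeInformation": "fingerprint",
    "NetShareEnum": "propagate", "WNetOpenEnum": "propagate",
    "InternetOpenUrl": "communicate", "connect": "communicate",
    "FindFirstFile": "map", "FindNextFile": "map",
    "CryptEncrypt": "encrypt",
    "SetWindowsHookEx": "lock", "CreateDesktop": "lock",
    "vssadmin": "delete", "DeleteFile": "delete",
    "ransom_note": "threaten", "MessageBox": "threaten",
}

# Constructed event-line format: "<seconds> <event> [argument]".
EVENT_RE = re.compile(r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<ev>\S+)(?:\s+(?P<arg>.*))?$")

# Constructed sample of a ransomware-like run (not a real sample trace).
SAMPLE_LOG = [
    "0.10 GetComputerName",
    "0.12 GetVolumeInformation C:\\",
    "0.50 InternetOpenUrl http://c2.example/reg",
    "1.00 FindFirstFile C:\\Users\\*",
    "1.02 FindNextFile",
    "1.50 CryptEncrypt",
    "1.51 MoveFile C:\\Users\\a\\doc.docx -> C:\\Users\\a\\doc.docx.locked",
    "1.60 MoveFile C:\\Users\\a\\pic.jpg -> C:\\Users\\a\\pic.jpg.locked",
    "2.00 vssadmin delete shadows /all /quiet",
    "2.10 ransom_note C:\\Users\\a\\README.txt",
]

# Constructed benign run: enumerates files and renames one without changing its extension.
BENIGN_LOG = [
    "0.10 GetComputerName",
    "0.20 FindFirstFile C:\\Users\\a\\*",
    "0.30 MoveFile C:\\Users\\a\\old.txt -> C:\\Users\\a\\new.txt",
]


def classify(event, arg):
    """Map one event to a Randep stage, or None if it is not an indicator.

    A rename that changes the file extension is counted as part of the
    encrypt stage (the usual 'doc.docx -> doc.docx.locked' pattern); a
    rename that keeps the extension is ignored.
    """
    if event == "MoveFile" and arg and " -> " in arg:
        src, dst = arg.split(" -> ", 1)
        if os.path.splitext(src)[1].lower() != os.path.splitext(dst)[1].lower():
            return "encrypt"
        return None
    return INDICATORS.get(event)


def parse(log_lines):
    """Yield (time, event, arg) for well-formed lines; skip anything else."""
    for line in log_lines:
        m = EVENT_RE.match(line.strip())
        if m:
            yield float(m.group("t")), m.group("ev"), m.group("arg")


def stage_timeline(log_lines):
    """Return {stage: {"first_seen": t, "count": n}}, keyed in order of first appearance."""
    timeline = OrderedDict()
    for t, ev, arg in parse(log_lines):
        stage = classify(ev, arg)
        if stage is None:
            continue
        entry = timeline.setdefault(stage, {"first_seen": t, "count": 0})
        entry["count"] += 1
    return timeline


def renamed_extensions(log_lines):
    """Count the new extensions produced by extension-changing renames."""
    counts = Counter()
    for _, ev, arg in parse(log_lines):
        if classify(ev, arg) == "encrypt" and ev == "MoveFile":
            counts[os.path.splitext(arg.split(" -> ", 1)[1])[1].lower()] += 1
    return counts


def looks_like_ransomware(timeline, min_stages=3):
    """Heuristic verdict: file mapping seen before encryption, plus at least
    min_stages distinct stages in total. A toy rule, not the paper's detector."""
    if "map" not in timeline or "encrypt" not in timeline:
        return False
    if timeline["map"]["first_seen"] > timeline["encrypt"]["first_seen"]:
        return False
    return len(timeline) >= min_stages


if __name__ == "__main__":
    tl = stage_timeline(SAMPLE_LOG)
    for stage, info in tl.items():
        print(f"{info['first_seen']:6.2f}s  {stage:<12} x{info['count']}")
    print("verdict:", looks_like_ransomware(tl), "extensions:", dict(renamed_extensions(SAMPLE_LOG)))
```

The ordering of `stage_timeline` is the point: a real detector would act on the map stage (directory enumeration) before the first extension-changing rename, since every rename after that is a lost file. The indicator table is deliberately small; in practice it would be replaced by the behavioural patterns the paper proposes deriving from its samples.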

Updated: 2019-02-12