On Deception-Based Protection Against Cryptographic Ransomware

Genç, Ziya Alper; Lenzini, Gabriele; Sgandurra, Daniele

doi:10.1007/978-3-030-22038-9_11

Reference : On Deception-Based Protection Against Cryptographic Ransomware


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/40579

Title :	On Deception-Based Protection Against Cryptographic Ransomware
Language :	English
Author, co-author :	Genç, Ziya Alper [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Sgandurra, Daniele []
Publication date :	2019
Main document title :	Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Publisher :	Springer
Pages :	219-239
Peer reviewed :	Yes
On invitation :	No
Audience :	International
ISBN :	978-3-030-22037-2
City :	Cham
Country :	Switzerland
Event name :	16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2019)
Event date :	June 19-20, 2019
Event organizer :	University of Gothenburg
	Chalmers University of Technology
Event place (city) :	Gothenburg
Event country :	Sweden
Keywords :	[en] Ransomware ; Cryptographic ; Malware ; Deception ; Decoy
Abstract :	[en] In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a decoy file is a sign of malicious activity, the robustness of decoy strategies has not been formally analyzed and fully tested. In this paper, we analyze existing decoy strategies and discuss how they are effective in countering current ransomware by defining a set of metrics to measure their robustness. To demonstrate how ransomware can identify existing deception-based detection strategies, we have implemented a proof-of-concept anti-decoy ransomware that successfully bypasses decoys by using a decision engine with few rules. Finally, we discuss existing issues in decoy-based strategies and propose practical solutions to mitigate them.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Funders :	Fonds National de la Recherche - FnR ; EU's Horizon 2020 Research and Innovation Programme
Target :	Researchers ; Professionals ; Students ; General public
Permalink :	http://hdl.handle.net/10993/40579
DOI :	10.1007/978-3-030-22038-9_11
Other URL :	https://link.springer.com/chapter/10.1007/978-3-030-22038-9_11
Commentary :	The prototype designed in this paper is available at https://github.com/ziyagenc/decoy-updater.
Framework Programme / European Project :	H2020 ; 779391 - FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module
FnR project :	FnR ; FNR13234766 > Gabriele Lenzini > NoCry PoC > No More Cryptographic Ransomware, Proof of Concept > 01/11/2018 > 31/10/2020 > 2018

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	dimva2019_GLS.pdf		Author postprint	496.44 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices