Paper published in a book (Scientific congresses, symposiums and conference proceedings)
On Deception-Based Protection Against Cryptographic Ransomware
Genç, Ziya Alper; Lenzini, Gabriele; Sgandurra, Daniele
2019. In Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Peer reviewed
 

Files


Full Text
dimva2019_GLS.pdf
Author postprint (508.36 kB)

All documents in ORBilu are protected by a user license.

Details



Keywords :
Ransomware; Cryptographic; Malware; Deception; Decoy
Abstract :
In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a decoy file is a sign of malicious activity, the robustness of decoy strategies has not been formally analyzed and fully tested. In this paper, we analyze existing decoy strategies and discuss how they are effective in countering current ransomware by defining a set of metrics to measure their robustness. To demonstrate how ransomware can identify existing deception-based detection strategies, we have implemented a proof-of-concept anti-decoy ransomware that successfully bypasses decoys by using a decision engine with few rules. Finally, we discuss existing issues in decoy-based strategies and propose practical solutions to mitigate them.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Genç, Ziya Alper ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Lenzini, Gabriele ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Sgandurra, Daniele
External co-authors :
yes
Language :
English
Title :
On Deception-Based Protection Against Cryptographic Ransomware
Publication date :
2019
Event name :
16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2019)
Event organizer :
University of Gothenburg
Chalmers University of Technology
Event place :
Gothenburg, Sweden
Event date :
June 19-20, 2019
Audience :
International
Main work title :
Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Publisher :
Springer, Cham, Switzerland
ISBN/EAN :
978-3-030-22037-2
Pages :
219-239
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
European Projects :
H2020 - 779391 - FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module
FnR Project :
FNR13234766 - No More Cryptographic Ransomware, Proof Of Concept, 2018 (01/11/2018-31/01/2021) - Gabriele Lenzini
Funders :
FNR - Fonds National de la Recherche [LU]
EU's Horizon 2020 Research and Innovation Programme
CE - Commission Européenne [BE]
Commentary :
The prototype designed in this paper is available at https://github.com/ziyagenc/decoy-updater.
Available on ORBilu :
since 02 October 2019

Statistics


Number of views
203 (15 by Unilu)
Number of downloads
701 (11 by Unilu)

Scopus citations®
18
Scopus citations® without self-citations
16
OpenCitations
7
WoS citations
16
