Pont, Jamie, Abu Oun, Osama, Brierley, Calvin, Arief, Budi, Hernandez-Castro, Julio C. (2019) A Roadmap for Improving the Impact of Anti-Ransomware Research. In: Askarov, Aslan and Hansen, René Rydhof and Rafnsson, Willard, eds. Lecture Notes in Computer Science. Secure IT Systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings. 11875. Springer ISBN 978-3-030-35054-3. (doi:10.1007/978-3-030-35055-0_9) (KAR id:76942)
Author's Accepted Manuscript
Language: English
Official URL: https://doi.org/10.1007/978-3-030-35055-0_9
Abstract
Ransomware is a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe; therefore, efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks. This paper aims to provide an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria of these tools – as reported by the tools’ respective authors. We were able to determine popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much-needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.
Item Type: | Conference or workshop item (Proceeding) |
---|---|
DOI/Identification number: | 10.1007/978-3-030-35055-0_9 |
Uncontrolled keywords: | ransomware, anti-ransomware, detection, recovery |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Budi Arief |
Date Deposited: | 01 Oct 2019 12:47 UTC |
Last Modified: | 05 Nov 2024 12:41 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/76942 (The current URI for this page, for reference purposes) |