
A Roadmap for Improving the Impact of Anti-Ransomware Research

Pont, Jamie, Abu Oun, Osama, Brierley, Calvin, Arief, Budi, Hernandez-Castro, Julio C. (2019) A Roadmap for Improving the Impact of Anti-Ransomware Research. In: Askarov, Aslan and Hansen, René Rydhof and Rafnsson, Willard, eds. Lecture Notes in Computer Science. Secure IT Systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings. 11875. Springer ISBN 978-3-030-35054-3. (doi:10.1007/978-3-030-35055-0_9) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF - Author's Accepted Manuscript
Restricted to Repository staff only until 12 November 2020.
Official URL
https://doi.org/10.1007/978-3-030-35055-0_9

Abstract

Ransomware is a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe; therefore, efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks. This paper aims to provide an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria of these tools – as reported by the tools’ respective authors. We were able to determine popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much-needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1007/978-3-030-35055-0_9
Uncontrolled keywords: ransomware, anti-ransomware, detection, recovery
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Budi Arief
Date Deposited: 01 Oct 2019 12:47 UTC
Last Modified: 12 Dec 2019 14:17 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/76942 (The current URI for this page, for reference purposes)
Arief, Budi: https://orcid.org/0000-0002-1830-1587
Hernandez-Castro, Julio C.: https://orcid.org/0000-0002-6432-5328