Lockout-Tagout Ransomware:A Detection Method for Ransomware using Fuzzy Hashing and Clustering

Abstract

Ransomware attacks are a prevalent cybersecurity threat to every user and enterprise today. This is attributed to their polymorphic behaviour and dispersion of inexhaustible versions due to the same ransomware family or threat actor. A certain ransomware family or threat actor repeatedly utilises nearly the same style or codebase to create a vast number of ransomware versions. Therefore, it is essential for users and enterprises to keep well-informed about this threat landscape and adopt proactive prevention strategies to minimise its spread and affects. This requires a technique to detect ransomware samples to determine the similarity and link with the known ransomware family or threat actor. Therefore, this paper presents a detection method for ransomware by employing a combination of a similarity preserving hashing method called fuzzy hashing and a clustering method. This detection method is applied on the collected WannaCry/WannaCryptor ransomware samples utilising a range of fuzzy hashing and clustering methods. The clustering results of various clustering methods are evaluated through the use of the internal evaluation indexes to determine the accuracy and consistency of their clustering results, thus the effective combination of fuzzy hashing and clustering method as applied to the particular ransomware corpus. The proposed detection method is a static analysis method, which requires fewer computational overheads and performs rapid comparative analysis with respect to other static analysis methods.

Publication DOI: https://doi.org/10.1109/SSCI44817.2019.9003148
Divisions: College of Engineering & Physical Sciences
Additional Information: © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Event Title: 2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019
Event Type: Other
Event Dates: 2019-12-06 - 2019-12-09
Uncontrolled Keywords: agnes,clara,clustering,diana,fuzzy hashing,k-means,pam,ransomware,sdhash,similarity preserving hashing,ssdeep,wannacry,wannacryptor,Artificial Intelligence,Computer Science Applications,Modelling and Simulation
ISBN: 978-1-7281-2486-5, 9781728124858
Last Modified: 21 Mar 2024 08:07
Date Deposited: 19 Oct 2020 10:23
Full Text Link:
Related URLs: http://www.scop ... tnerID=8YFLogxK (Scopus URL)
https://ieeexpl ... ocument/9003148 (Publisher URL)
PURE Output Type: Conference contribution
Published Date: 2020-02-20
Accepted Date: 2019-12-01
Authors: Naik, Nitin (ORCID Profile 0000-0002-0659-9646)
Jenkins, Paul
Gillett, Jonathan
Mouratidis, Haralambos
Naik, Kshirasagar
Song, Jingping

Download

[img]

Version: Accepted Version

| Preview

Export / Share Citation


Statistics

Additional statistics for this record