Skip to main content
SpringerLink
Log in

Watch Out! Doxware on the Way...

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12026))

Included in the following conference series:

Abstract

From spyware to ransomware to leakware, the world is on the verge of getting struck by a myriad of advanced attacks. Security researchers’ main objective is protecting the assets that a person/company possesses. They are in a constant battle in this cyber war facing attackers’ malicious intents. To compete in this arm race against security breaches, we propose an insight into plausible attacks especially Doxware (called also leakware). We present a quantification model that explores Windows file system in search of valuable data. It is based on some solutions provided in the literature for natural language processing such as term frequency-inverse document frequency (TF-IDF). The best top 15 file “contestants” will be then exfiltrated over the Internet to the attacker’s server. Our approach delivers an observation of the evolution of malware throughout the last years. It enables users to prevent their sensitive information being exposed to potential risks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Data Protection and Privacy across sectors and borders. https://bit.ly/2D2r77M

  2. Internet Security Threat Report by Symantec. https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-executive-summary-en.pdf

  3. New ransomware program threatens to publish user files. https://www.computerworld.com/article/3002120/new-ransomware-program-threatens-to-publish-user-files.html

  4. Ahmed, J., Gharakheili, H.H., Russell, C., Sivaraman, V.: Real-time detection of DNS exfiltration and tunneling from enterprise networks. In: Proceedings of IFIP/IEEE IM, Washington DC, USA (2019)

    Google Scholar 

  5. Al-Bataineh, A., White, G.: Analysis and detection of malicious data exfiltration in web traffic. In: 2012 7th International Conference on Malicious and Unwanted Software, pp. 26–31. IEEE (2012)

    Google Scholar 

  6. Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: ACM SIGPLAN Notices, vol. 49, no. 6, pp. 259–269 (2014)

    Google Scholar 

  7. Bartlett, M.S., Littlewort, G., Frank, M., Lainscsek, C., Fasel, I., Movellan, J.: Recognizing facial expression: machine learning and application to spontaneous behavior. In: 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2005), vol. 2, pp. 568–573. IEEE (2005)

    Google Scholar 

  8. Bond, M., Danezis, G.: A pact with the devil. In: Proceedings of the 2006 Workshop on New Security Paradigms, pp. 77–82. ACM (2006)

    Google Scholar 

  9. Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)

    Article  Google Scholar 

  10. Ensey, C.: Ransomware has evolved, and its name is doxware. DARKReading. InformationWeek Business Technology Network (2017)

    Google Scholar 

  11. Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576–587. ACM (2014)

    Google Scholar 

  12. Giani, A., Berk, V.H., Cybenko, G.V.: Data exfiltration and covert channels. In: Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense V, vol. 6201, p. 620103. International Society for Optics and Photonics (2006)

    Google Scholar 

  13. Graa, M., Cuppens-Boulahia, N., Cuppens, F., Lanet, J.-L., Moussaileb, R.: Detection of side channel attacks based on data tainting in android systems. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 205–218. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_14

    Chapter  Google Scholar 

  14. Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: \(\{\)UNVEIL\(\}\): a large-scale, automated approach to detecting ransomware. In: 25th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 16), pp. 757–772 (2016)

    Google Scholar 

  15. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3–24. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_1

    Chapter  Google Scholar 

  16. Liu, Y., Corbett, C., Chiang, K., Archibald, R., Mukherjee, B., Ghosal, D.: Detecting sensitive data exfiltration by an insider attack. In: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, CSIIRW 2008, pp. 16:1–16:3. ACM, New York (2008). https://doi.org/10.1145/1413140.1413159

  17. Loginova, N., Trofimenko, E., Zadereyko, O., Chanyshev, R.: Program-technical aspects of encryption protection of users’ data. In: 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET), pp. 443–445. IEEE (2016)

    Google Scholar 

  18. Lueders, S., et al.: Computer security: enter the next level: Doxware (2017)

    Google Scholar 

  19. Luo, X., Liao, Q.: Awareness education as the key to ransomware prevention. Inf. Syst. Secur. 16(4), 195–202 (2007)

    Article  Google Scholar 

  20. Nadir, I., Bakhshi, T.: Contemporary cybercrime: a taxonomy of ransomware threats & mitigation techniques. In: 2018 International Conference on Computing, Mathematics and Engineering Technologies (iCoMET), pp. 1–7. IEEE (2018)

    Google Scholar 

  21. Ramos, J., et al.: Using TF-IDF to determine word relevance in document queries. In: Proceedings of the First Instructional Conference on Machine Learning, Piscataway, NJ, vol. 242, pp. 133–142 (2003)

    Google Scholar 

  22. Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312. IEEE (2016)

    Google Scholar 

  23. Sherer, J.A., McLellan, M.L., Fedeles, E.R., Sterling, N.L.: Ransonware-practical and legal considerations for confronting the new economic engine of the dark web. Rich. JL Tech. 23, 1 (2016)

    Google Scholar 

  24. Sun, M., Wei, T., Lui, J.: TaintART: a practical multi-level information-flow tracking system for android runtime. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 331–342. ACM (2016)

    Google Scholar 

  25. Sun, X., Wu, P., Hoi, S.C.: Face detection using deep learning: an improved faster rcnn approach. Neurocomputing 299, 42–50 (2018)

    Article  Google Scholar 

  26. Wallach, H.M.: Topic modeling: beyond bag-of-words. In: Proceedings of the 23rd International Conference on Machine Learning, pp. 977–984. ACM (2006)

    Google Scholar 

  27. Wu, H.C., Luk, R.W.P., Wong, K.F., Kwok, K.L.: Interpreting TF-IDF term weights as making relevance decisions. ACM Trans. Inf. Syst. (TOIS) 26(3), 13 (2008)

    Article  Google Scholar 

  28. Xue, L., et al.: NDroid: toward tracking information flows across multiple android contexts. IEEE Trans. Inf. Forensics Secur. 14(3), 814–828 (2019)

    Article  Google Scholar 

  29. Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the \(\{\)OS\(\}\) and Dalvik semantic views for dynamic android malware analysis. In: Presented as part of the 21st \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 12), pp. 569–584 (2012)

    Google Scholar 

  30. Yang, Z., Yang, M.: LeakMiner: detect information leakage on android with static taint analysis. In: 2012 Third World Congress on Software Engineering, pp. 101–104. IEEE (2012)

    Google Scholar 

  31. Zhang, Y., Jin, R., Zhou, Z.H.: Understanding bag-of-words model: a statistical framework. Int. J. Mach. Learn. Cybern. 1(1–4), 43–52 (2010)

    Article  Google Scholar 

  32. Zhu, D.Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: TaintEraser: protecting sensitive data leaks using application-level taint tracking. ACM SIGOPS Oper. Syst. Rev. 45(1), 142–154 (2011)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IMT Atlantique, Rennes, France

    Routa Moussaileb, Charles Berti, Guillaume Deboisdeffre & Nora Cuppens

  2. LHS-PEC, Inria, Rennes, France

    Routa Moussaileb & Jean-Louis Lanet

Authors
  1. Routa Moussaileb
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Charles Berti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guillaume Deboisdeffre
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nora Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jean-Louis Lanet
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Routa Moussaileb .

Editor information

Editors and Affiliations

  1. ReDCAD, University of Sfax, Sfax, Tunisia

    Slim Kallel

  2. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Frédéric Cuppens

  3. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Nora Cuppens-Boulahia

  4. ReDCAD, University of Sfax, Sfax, Tunisia

    Ahmed Hadj Kacem

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Moussaileb, R., Berti, C., Deboisdeffre, G., Cuppens, N., Lanet, JL. (2020). Watch Out! Doxware on the Way.... In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41568-6_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41567-9

  • Online ISBN: 978-3-030-41568-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation