
Proposed Solution for HID Fileless Ransomware Using Machine Learning

Conference paper in: Advanced Communication Systems and Information Security (ACOSIS 2019)

Abstract

Ransomware is a malware category that encrypts the files of infected computers and then demands payment, usually in a cryptocurrency such as Bitcoin. In today's digital threat environment, the rate of ransomware infection has trended upwards to dominate the cyber threat landscape and has become one of the emerging threats facing organizations and individuals. In addition to traditional ransomware, a new type called fileless ransomware has become predominant. It uses legitimate administration programs and turns them into a tool for fileless infection, which is undetectable by traditional security solutions that rely essentially on signature-based detection. Besides this fileless characteristic, this kind of threat can also be combined with USB-based attacks, also known as HID (Human Interface Device) attacks. In this article, we present a new attack vector that combines an HID attack, networking, and a fileless ransomware attack on a Windows Operating System (OS) machine, and we then present a proposed solution that uses logistic regression as a machine learning technique to mitigate the HID fileless ransomware attack.
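The abstract names logistic regression as the classifier behind the proposed mitigation but the page does not show the model or its features. The following added example (written for this page, not the authors' code) shows how such a detector can be built from scratch: a logistic regression model is trained on a small constructed dataset and then used to decide whether an attached keyboard behaves like a human typist or like a keystroke-injection device. The two features, characters per second and inter-keystroke timing jitter, are an assumption chosen for illustration; the paper's actual feature set is not on this page.

```python
import math

# Constructed sample data for this example (not from the paper). Each row is
# (chars_per_second, inter_keystroke_jitter_ms, label), where label 1 marks a
# keystroke-injection device and 0 marks a human typist. The feature choice
# itself is an assumption: injection devices type far faster and with far
# more regular timing than a person can.
TRAINING = [
    # human typists: a few characters per second, noisy timing
    (3.5, 85.0, 0), (5.2, 60.0, 0), (4.1, 110.0, 0), (6.8, 45.0, 0),
    (2.9, 140.0, 0), (7.5, 38.0, 0), (4.8, 72.0, 0), (5.9, 55.0, 0),
    # injection devices: hundreds of characters per second, near-zero jitter
    (250.0, 0.4, 1), (400.0, 0.2, 1), (180.0, 0.9, 1), (320.0, 0.3, 1),
    (600.0, 0.1, 1), (150.0, 1.2, 1), (280.0, 0.5, 1), (500.0, 0.2, 1),
]


def features(cps, jitter_ms):
    """Log-scale the raw measurements so both features share a similar range.
    Returns [bias, log(chars/sec), log(jitter)]."""
    return [1.0, math.log(cps), math.log(jitter_ms + 1e-3)]


def sigmoid(z):
    # Clamp the logit so math.exp cannot overflow on extreme inputs.
    z = max(-500.0, min(500.0, z))
    return 1.0 / (1.0 + math.exp(-z))


def train(rows, lr=0.1, epochs=3000):
    """Fit the weights by batch gradient descent on the logistic loss."""
    w = [0.0, 0.0, 0.0]
    n = len(rows)
    for _ in range(epochs):
        grad = [0.0, 0.0, 0.0]
        for cps, jit, y in rows:
            x = features(cps, jit)
            p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)))
            err = p - y  # derivative of the log-loss w.r.t. the logit
            for i in range(3):
                grad[i] += err * x[i]
        w = [wi - lr * gi / n for wi, gi in zip(w, grad)]
    return w


def predict_proba(w, cps, jitter_ms):
    """Probability that the observed typing comes from an injection device."""
    x = features(cps, jitter_ms)
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)))


def classify(w, cps, jitter_ms, threshold=0.5):
    """1 = treat the device as an injection attack (alert / block), 0 = allow."""
    return 1 if predict_proba(w, cps, jitter_ms) >= threshold else 0


def training_accuracy(w, rows):
    correct = sum(classify(w, c, j) == y for c, j, y in rows)
    return correct / len(rows)


if __name__ == "__main__":
    weights = train(TRAINING)
    print("weights:", weights)
    for cps, jit in [(4.5, 70.0), (300.0, 0.3)]:
        print(f"{cps} chars/s, {jit} ms jitter -> "
              f"p(device)={predict_proba(weights, cps, jit):.3f}")
```

In a deployment the feature values would come from a host agent that timestamps keystrokes per attached HID, and a positive classification would gate the device (for example, block it until a user confirms) rather than only log it; the threshold can be raised to trade missed injections for fewer false alarms on very fast typists.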



Author information

Correspondence to Adnane Addaim.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Kerrich, M.A., Addaim, A., Damej, L. (2020). Proposed Solution for HID Fileless Ransomware Using Machine Learning. In: Belkasmi, M., Ben-Othman, J., Li, C., Essaaidi, M. (eds) Advanced Communication Systems and Information Security. ACOSIS 2019. Communications in Computer and Information Science, vol 1264. Springer, Cham. https://doi.org/10.1007/978-3-030-61143-9_15


  • DOI: https://doi.org/10.1007/978-3-030-61143-9_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61142-2

  • Online ISBN: 978-3-030-61143-9

