Abstract
A crypto ransomware usually encrypts files of victims using block cipher encryption. Afterward, the ransomware requests a ransom for encrypted files to victims. In this paper, we present a novel defense against crypto ransomware by detecting block cipher encryption for low-end Internet of Things (IoT) environment. The proposed method analyzes the binary code of low-end microcontrollers in the base-station (i.e. server) and it is classified in either ransomware virus or benign software. Block cipher implementations from Lightweight block cipher library (i.e. FELICS) and general software from AVR packages were trained and evaluated through the deep learning network. The proposed method successful classifies the general software and potential ransomware virus by identifying the cryptography function call, which is evaluated in terms of recall rate, precision rate and F-measure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Mohurle, S., Patil, M.: A brief study of Wannacry threat: Ransomware attack 2017. Int. J. Adv. Res. Comput. Sci. 8(5) (2017)
Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 757–772 (2016)
Weckstén, M., Frick, J., Sjöström, A., Järpe, E.: A novel method for recovery from Crypto Ransomware infections. In: 2016 2nd IEEE International Conference on Computer and Communications (ICCC), pp. 1354–1358. IEEE (2016)
Tseng, A., Chen, Y., Kao, Y., Lin, T.: Deep learning for ransomware detection. IEICE Tech. Rep. 116(282), 87–92 (2016)
Vinayakumar, R., Soman, Velan, K.S., Ganorkar, S.: Evaluating shallow and deep networks for ransomware detection and classification. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259–265. IEEE (2017)
Poudyal, S., Dasgupta, D., Akhtar, Z., Gupta, K.: A multi-level ransomware detection framework using natural language processing and machine learning. In: 14th International Conference on Malicious and Unwanted Software" MALCON (2019)
Gröbert, F., Willems, C., Holz, T.: Automated identification of cryptographic primitives in binary programs. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 41–60. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23644-0_3
Lestringant, P., Guihéry, F., Fouque, P.-A.: Automated identification of cryptographic primitives in binary code with data flow graph isomorphism. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 203–214 (2015)
Kiraz, M.S., Genç, Z.A., Öztürk, E.: Detecting large integer arithmetic for defense against crypto ransomware. Technical report (2017)
Yaqoob, I., et al.: The rise of ransomware and emerging security challenges in the Internet of Things. Comput. Networks 129, 444–458 (2017)
Azmoodeh, A., Dehghantanha, A., Conti, M., Choo, K.-K.R.: Detecting crypto-ransomware in IoT networks based on energy consumption footprint. J. Ambient Intell. Humaniz. Comput. 9(4), 1141–1152 (2018)
Azmoodeh, A., Dehghantanha, A., Choo, K.-K.R.: Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning. IEEE Trans. Sustain. Comput. 4(1), 88–95 (2018)
Zahra, A., Shah, M.A.: IoT based ransomware growth rate evaluation and detection using command and control blacklisting. In: 2017 23rd International Conference on Automation and Computing (ICAC), pp. 1–6. IEEE (2017)
Karimi, A., Moattar, M.H.: Android ransomware detection using reduced opcode sequence and image similarity. In: 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE), pp. 229–234. IEEE (2017)
Kumar, R., Xiaosong, Z., Khan, R.U., Ahad, I., Kumar, J.: Malicious code detection based on image processing using deep learning. In: Proceedings of the 2018 International Conference on Computing and Artificial Intelligence, pp. 81–85 (2018)
Dinu, D., Biryukov, A., Großschädl, J., Khovratovich, D., Le Corre, Y., Perrin, L.: FELICS-fair evaluation of lightweight cryptographic systems. In: NIST Workshop on Lightweight Cryptography, vol. 128 (2015)
Daemen, J., Rijmen, V.: AES proposal: Rijndael (1999)
Hong, D., Lee, J.-K., Kim, D.-C., Kwon, D., Ryu, K.H., Lee, D.-G.: LEA: a 128-bit block cipher for fast encryption on common processors. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 3–27. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05149-9_1
Hong, D., et al.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_4
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: SIMON and SPECK: Block ciphers for the internet of things. IACR Cryptology ePrint Archive 2015, 585 (2015)
Williams, J.L., Fisher, J.W., Willsky, A.S.: Approximate dynamic programming for communication-constrained sensor network management. IEEE Trans. Signal Process. 55(8), 4300–4311 (2007)
Acknowledgement
This work was partly supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration(DAPA) and Agency for Defense Development(ADD) and this work was partly supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00264, Research on Blockchain Security Technology for IoT Services) and this work was partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government(MSIT) (No. NRF-2020R1F1A1048478).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kim, H., Park, J., Kwon, H., Jang, K., Choi, S.J., Seo, H. (2020). Detecting Block Cipher Encryption for Defense Against Crypto Ransomware on Low-End Internet of Things. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science(), vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-65299-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65298-2
Online ISBN: 978-3-030-65299-9
eBook Packages: Computer ScienceComputer Science (R0)