Abstract
Numerous countermeasures have been proposed since the first appearance of ransomware. Nevertheless, new ransomware variants continue to be created, and the damage they cause keeps increasing. Existing antivirus tools are signature-dependent and cannot easily detect ransomware attack patterns: if the antivirus database does not contain a signature for a new malicious behavior, the new malware cannot be detected. A technique that analyzes normal and abnormal behavior through a context-aware method is therefore needed. This paper presents a multilateral context-aware ransomware detection and response system model. The proposed model is designed to respond to ransomware preemptively, and post-detection management is also performed. An evaluation was conducted to obtain evidence that the given files were altered by ransomware, using analyses based on multiple-context awareness. Entropy information was then used to detect the abnormal behavior.
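The abstract names file entropy as the signal used to detect abnormal (encrypting) behavior. The following is an added illustration of that idea and is not the authors' implementation: it computes the Shannon entropy of a file body in bits per byte, compares the value before and after a rewrite, and adds one piece of file context (the magic bytes of common compressed formats) so that a legitimately high-entropy container is not confused with ciphertext. The threshold values, the helper names and the sample inputs are assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

# Assumed threshold (bits per byte) above which a file body is treated as
# encrypted or compressed; chosen for this example, not taken from the paper.
HIGH_ENTROPY_THRESHOLD = 7.5
# Assumed minimum entropy rise between two versions of the same file that
# counts as an abnormal rewrite; also an example value.
MIN_ENTROPY_RISE = 2.0

# Leading bytes of common formats that are legitimately high-entropy
# (ZIP/DOCX, gzip, JPEG, PNG). These are the real file signatures.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_known_compressed(data: bytes) -> bool:
    """Context check: high entropy is expected for these container formats."""
    return data.startswith(COMPRESSED_MAGIC)


def classify_rewrite(before: bytes, after: bytes) -> str:
    """Compare two versions of a file and return a verdict string.

    'suspicious' : entropy jumped into the encrypted range and the new
                   content is not a recognised compressed format
    'compressed' : high entropy, but a known compressed container header
    'benign'     : no significant entropy rise
    """
    h_before = shannon_entropy(before)
    h_after = shannon_entropy(after)
    if h_after >= HIGH_ENTROPY_THRESHOLD and (h_after - h_before) >= MIN_ENTROPY_RISE:
        if is_known_compressed(after):
            return "compressed"
        return "suspicious"
    return "benign"


def make_pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for an encrypted file body: a deterministic chain
    of SHA-256 digests, which is statistically close to uniform bytes."""
    out = bytearray()
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed sample inputs (not real files).
PLAINTEXT = b"Quarterly report: revenue grew 4% year over year. " * 80
CIPHERTEXT = make_pseudo_ciphertext(b"example-seed", len(PLAINTEXT))
ZIPPED = b"PK\x03\x04" + make_pseudo_ciphertext(b"zip-seed", len(PLAINTEXT) - 4)

if __name__ == "__main__":
    cases = (("encrypted", CIPHERTEXT), ("zipped", ZIPPED), ("edited", PLAINTEXT + b"\n"))
    for name, after in cases:
        print(f"{name:10s} H_before={shannon_entropy(PLAINTEXT):.2f} "
              f"H_after={shannon_entropy(after):.2f} -> {classify_rewrite(PLAINTEXT, after)}")
```

The entropy comparison on its own would flag a document that was zipped in place just as readily as one that was encrypted, which is why the verdict also consults a context signal; a deployed detector would combine several such signals (process identity, extension changes, write rate) rather than rely on the entropy value alone.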
Acknowledgements
This research was supported by the Ministry of Science and ICT (MSIT), Korea, under the Information Technology Research Center (ITRC) support program (IITP-2017-2016-0-00304) supervised by the Institute for Information and communications Technology Promotion (IITP).
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by G. Yi.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Jung, S., Won, Y. Ransomware detection method based on context-aware entropy analysis. Soft Comput 22, 6731–6740 (2018). https://doi.org/10.1007/s00500-018-3257-z