
CloudRPS: a cloud analysis based enhanced ransomware prevention system

The Journal of Supercomputing

Abstract

Recently, indiscriminate ransomware attacks targeting a wide range of victims for monetary gain have become a worldwide social issue. In its early years, ransomware used e-mail as its attack method. The most common spreading method was through spam mail or harmful websites. In addition, social networking sites and smartphone messages are used. Ransomware can encrypt the user's files, issue a warning message to the user, and request payment in bitcoin, a virtual currency that is hard to trace. It is possible to analyze ransomware, but this has its limitations because new ransomware is continuously being created and disseminated. In this paper, we propose CloudRPS, an enhanced ransomware prevention system based on abnormal behavior analysis and detection in a cloud analysis system. The proposed system can defend against ransomware through more in-depth prevention. It can monitor the network, files, and server in real time. Furthermore, it installs a cloud system to collect and analyze various information from the device and log information to defend against attacks. Finally, the goal of the system is to minimize the possibility of early intrusion and, if ransomware does compromise the user's system, to detect the attack more quickly so that it can be prevented there.



Acknowledgments

This work was partly supported by Institute for Information & communications Technology Promotion (IITP) Grant funded by the Korea government (MSIP) (No. R-20160222-002755, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning). This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2016-H8501-16-1014) supervised by the IITP (Institute for Information & communications Technology Promotion).

Corresponding author

Correspondence to Jong Hyuk Park.

About this article

Cite this article

Lee, J.K., Moon, S.Y. & Park, J.H. CloudRPS: a cloud analysis based enhanced ransomware prevention system. J Supercomput 73, 3065–3084 (2017). https://doi.org/10.1007/s11227-016-1825-5

  • DOI: https://doi.org/10.1007/s11227-016-1825-5
