UNVEIL: a large-scale, automated approach to detecting ransomware

Authors: Engin Kirda, Sajjad Arshad, Amin Kharraz, Collin Mulliner, William Robertson

DOI:

Keywords:

Abstract: Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-profile ransomware attacks were reported, such as the large-scale attack against Sony that prompted the company to delay the release of the film "The Interview." Ransomware typically operates by locking the desktop of the victim to render the system inaccessible to the user, or by encrypting, overwriting, or deleting the user's files. However, while many generic malware detection systems have been proposed, none of these systems have attempted to specifically address the ransomware detection problem. In this paper, we present a novel dynamic analysis system called UNVEIL that is specifically designed to detect ransomware. The key insight of the analysis is that in order to mount a successful attack, ransomware must tamper with a user's files or desktop. UNVEIL automatically generates an artificial user environment, and detects when ransomware interacts with user data. In parallel, the approach tracks changes to the system's desktop that indicate ransomware-like behavior. Our evaluation shows that UNVEIL significantly improves the state of the art, and is able to identify previously unknown evasive ransomware that was not detected by the antimalware industry.
