http://dx.doi.org/10.6109/jkiice.2017.21.8.1581

The Automation Model of Ransomware Analysis and Detection Pattern  

Lee, Hoo-Ki (Department of IT Policy and Management, Soongsil University)
Seong, Jong-Hyuk (Department of Information Security Systems, Kyonggi University)
Kim, Yu-Cheon (Department of Information Security, Dongguk University)
Kim, Jong-Bae (Graduate School of Software, Soongsil University)
Gim, Gwang-Yong (Dept. of Business Administration, Soongsil University)
Abstract
Ransomware in circulation has recently moved beyond the existing attack method of encrypting files and demanding money, becoming more intelligent and sophisticated through the spread of new viruses and variants, targeted distribution using social engineering attacks, malvertising that distributes large quantities of ransomware by hacking advertising servers, and RaaS (Ransomware-as-a-Service). In particular, it makes attackers difficult to track down by bypassing security solutions, disabling parameter checking via file encryption, and carrying out target-based ransomware attacks together with APT (Advanced Persistent Threat) attacks. Various detection techniques have been developed to remove the threat of ransomware, but it is very hard to respond to new and variant ransomware. Accordingly, this paper examines how signature-based detection patterns are created and the problems involved, and presents a pattern automation model for ransomware detection in order to respond to ransomware more actively. This study is expected to be applicable in various forms in enterprise or public security control centers.
Keywords
Ransomware; Malvertising; RaaS; Signature-based Detection; Pattern Automation