http://dx.doi.org/10.5762/KAIS.2019.20.4.50

A Study on the Ransomware Detection System Based on User Requirements Analysis for Data Restoration  

Ko, Yong-Sun (Department of IT Policy Management, Graduate School, Soongsil University)
Park, Jae-Pyo (Department of Information Security, Graduate School of Information Sciences, Soongsil University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.20, no.4, 2019, pp. 50-55
Abstract
Ransomware attacks have been increasing steadily, and new ransomware that is difficult to detect with basic antivirus ("vaccine") software alone is also on an upward trend. Various ransomware solutions have been developed and applied. However, because of the disadvantages and limitations of existing solutions, the damage caused by ransomware has not been reduced. Ransomware attacks a wide range of platforms, including Windows, Linux, servers, IoT devices, and blockchains. Most existing ransomware solutions, however, are difficult to apply across platforms and are limited in that they operate only on some specific platforms. This study analyzes the problems of existing ransomware detection solutions and proposes an onboard-module-based ransomware detection system. The functions of its necessary elements are defined by analyzing, from the user's viewpoint, the requirements that can actually reduce the damage caused by ransomware; the system supports various operating systems without pre-installation and can restore data even after infection. We checked the feasibility of each function of the proposed system through an analysis of existing technology, and verified that the proposed techniques meet users' requirements through a questionnaire survey of a total of 264 personal and corporate PC users. Statistical analysis of the questionnaire results showed that the score for intent to introduce the system was 6.3 or more, which appeared to be good, and the score for intent to change from an existing solution to the proposed system was 6.0, which appeared to be very high.
Keywords
Ransomware; SSD; Garbage Collection; Delayed Deletion; Restore Data