Browse > Article
http://dx.doi.org/10.30693/SMJ.2019.8.1.27

An Efficient Decoy File Placement Method for Detecting Ransomware  

Lee, Jinwoo (숭실대학교 컴퓨터학과)
Kim, Yongmin (숭실대학교 컴퓨터학과)
Lee, Jeonghwan (숭실대학교 컴퓨터학과)
Hong, Jiman (숭실대학교 컴퓨터학부)
Publication Information
Smart Media Journal / v.8, no.1, 2019 , pp. 27-34 More about this Journal
Abstract
Ransomware is a malicious program code evolved into various forms of attack. Unlike traditional Ransomware that is being spread out using email attachments or infected websites, a new type of Ransomware, such as WannaCryptor, may corrupt files just for being connected to the Internet. Due to global Ransomware damage, there are many studies conducted to detect and defense Ransomware. However, existing research on Ransomware detection only uses Ransomware signature database or monitors specific behavior of process. Additionally, existing Ransomware detection methods hardly detect and defense a new Ransomware that behaves differently from the traditional ones. In this paper, we propose a method to detect Ransomware by arranging decoy files and analyzing the method how Ransomware accesses and operates files in the file system. Also, we conduct experiments using proposed method and provide the results of detection and defense of Ransomware in this paper.
Keywords
Ransomware Analysis; Ransomware Detection; Decoy File;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Wikipedia, "Malware"(2017), https://en.wikipedia.org/wiki/Malware. (accessed July 7, 2017)
2 Wikipedia, "Ransomware"(2017), https://en.wikipedia.org/wiki/Ransomware. (accessed July 7, 2017)
3 윤기하, 박성모, "128비트 LEA 암호화 블록 하드웨어 구현 연구," 스마트미디어저널, 제4권, 제4호, 39-46쪽, 2015년 12월
4 "랜섬웨어 해커에게 13억원 줬는데 데이터 완전복구가 안 된다고 한다"(2018), https://www.huffingtonpost.kr/2017/06/30/story_n_17341906.html.(11월 30일, 2018년)
5 Wikipedia, "WannaCry ransomware attack"(2017), https://en.wikipedia.org/wiki/WannaCry_ransomware_attack. (accessed July 27, 2017)
6 "랜섬웨어 대응도 한발 앞서다"(2016), http://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?seq=25436. (11월 30일, 2018년)
7 윤정무, 류재철. "MacOS 에서 파일확장자 관리를 통한 랜섬웨어 탐지 및 차단 방법". 정보보호학회논문지, 27권, 2호, 251-258쪽. 2017년 4월   DOI
8 Kharraz, A., Arshad, S., Mulliner, C., Robertson, W. K., & Kirda, E, UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware, USENIX Security Symposium, pp. 757-772, AUSTIN, TX, 2016, August
9 Utku Sen, "ransomware open-sources"(2015), https://github.com/goliate/hidden-tear. (accessed June 20, 2017)
10 SanJay, "Various codes related to Ransomware Developement" (2017) , https://github.com/roothaxor/Ransom. (accessed June 20, 2017)
11 신용학, 전준영, 김종성. "삭제되거나 손상된 이벤트 로그(EVTX) 파일 복구 기술에 대한 연구". 정보보호학회논문지, 26권, 2호, 387-396쪽. 2016년 4월   DOI
12 "Audipol을 이용한 Windows 2008 이벤트오류 disable enable"(2014), http://www.duck.pe.kr/281 (11월 30일, 2018년)
13 joachimmetz, "Windows XML Event Log (EVTX) format"(2016), https://github.com/libyal/libevtx/blob/master/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc (accessed June 25, 2017)
14 이후기, 성종혁, 김유천, 김종배, 김관용. "랜섬웨어 분석 및 탐지패턴 자동화 모델에 관한 연구". 한국정보통신학회논문지, 21권, 8호, 1581-1588쪽. 2017년 8월   DOI
15 옥정균, 임을규. "정적 분석 정보와 동적 분석 정보를 이용한 랜섬웨어 탐지 모델 제안". 한국컴퓨터종합학술대회논문집, 24권, 2호, 1180-1182쪽, ICC JEJU, Korea, 2018년 6월
16 "Code Page 1252 Windows Latin 1(ANSI)"(2018),https://msdn. microsoft.com/en-us/library/cc195054.aspx.(12월 2일, 2018년)
17 Wikipedia, "Windows-1252"(2017), https://en.wikipedia.org/wiki/Windows-1252. (accessed July 10, 2017)