شماره ركورد كنفرانس :
766
عنوان مقاله :
Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares
عنوان به زبان ديگر :
Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares
پديدآورندگان :
Ahmadian Mohammad Mehdi نويسنده Iran - Tehran - Amirkabir University of technology - Department of Computer Engineering and Information Technology , Shahriari Hamid Reza نويسنده Iran - Tehran - Amirkabir University of Technology - Department of Computer Engineering and Information Technology , Ghaffarian Mohammad نويسنده Iran - Tehran - Amirkabir University of technology - Department of Computer Engineering and Information Technology
كليدواژه :
malare detection , component , cryptovirology , Ransomware , high survivable ransomwares , malware prevention
عنوان كنفرانس :
12 دهمين كنفرانس بين المللي انجمن رمز ايران
چكيده لاتين :
Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim’s hard drives, removable drives and mapped network shares before asking for a ransom to get the files decrypted. In this paper, at first we propose a comprehensive ransomware taxonomy. Then, based on this taxonomy and according to a principal feature which we discovered in high survivable ransomwares (HSR) in the key exchange protocol step, we present a novel approach for detecting high survivable ransomwares and preventing them from encrypting victim’s data. Experimental evaluation demonstrates that our framework can detect variants of recent dangerous ransomwares.
شماره مدرك كنفرانس :
4490565
