Conference record number:
175
Article title:
2entFOX: A Framework for High Survivable Ransomwares Detection
Title in another language:
2entFOX: A Framework for High Survivable Ransomwares Detection
Authors:
Ahmadian Mohammad Mehdi (author), Amirkabir University of Technology, Tehran - Department of Computer Engineering and Information Technology; Shahriari Hamid Reza (author), Amirkabir University of Technology, Tehran - Department of Computer Engineering and Information Technology
Number of pages:
6
Keywords:
Ransomware , Malware detection , Malware Analysis , high survivable ransomware , behavioral detection , component
Conference title:
13th International Conference of the Iranian Society of Cryptology
Document language:
Persian
Abstract (Latin script):
Ransomware has been a growing threat since 2012, and the situation has continued to worsen. The lack of security mechanisms and of security awareness is pushing systems into the mire of ransomware attacks. In this paper, a new framework called 2entFOX is proposed to detect high survivable ransomwares (HSR). To our knowledge, this framework can be considered one of the first frameworks for ransomware detection, because there is little publicly available research in this field. We analyzed the behaviour of Windows ransomware and tried to find appropriate features that are particularly useful in detecting this type of malware with high detection accuracy and a low false positive rate. After extensive experimental analysis we extracted 20 effective features; owing to two highly efficient ones among them, we could achieve an appropriate set for HSR detection. After proposing an architecture based on a Bayesian belief network, the final evaluation is done on some known ransomware samples and unknown ones, based on six different scenarios. The results of these evaluations show the high accuracy of 2entFOX in detecting HSRs.
Conference document number:
4490210
Year of publication:
1395
From page:
1
To page:
6
Year of publication:
0