nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Unmasking of Maskware: Detection and Prevention of Next-Generation Mobile Crypto-Ransomware

verfasst von : Farnood Faghihi, Mohammad Zulkernine, Steven Ding

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Malware is advancing at a rapid pace, and it is becoming more stealthy, resilient, and aware of the existing detection methods. A similar trend in mobile crypto-ransomware can be expected soon. Thus, it is crucial to investigate the problem of new variants of mobile crypto-ransomware that may emerge in the near future. Hence, this work investigates how next-generation advanced mobile crypto-ransomware can evade the existing state-of-the-art detection metrics and how it is possible to neutralize this threat. After reviewing the current data-centric crypto-ransomware detection metrics, we investigate the possibility of evading them. We demonstrate the threat posed by next-generation mobile crypto-ransomware by implementing a crypto-ransomware targeted for the Android operating system called Maskware. Maskware uses partial encryption and mimics the behavior of legitimate applications in terms of data manipulation. We evaluate the effectiveness of common crypto-ransomware detection metrics, including entropy, data transformation, and file structure, in the detection of Maskware. We demonstrate that such metrics are ineffective in detecting Maskware. Hence, this article suggests using more efficient and effective methods to combat such malware and proposes a novel solution. The evaluation results of the proposed solution demonstrate that it can effectively detect Maskware and protect users’ data.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations

Nächstes Kapitel Automated Attacker Behaviour Classification Using Threat Intelligence Insights

Abdel-Basset, M., Moustafa, N., Hawash, H., Ding, W.: Deep Learning Techniques for IoT Security and Privacy. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-89025-4CrossRef

Bajpai, P., Enbody, R.: An empirical study of key generation in cryptographic ransomware. In: 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1–8. IEEE (2020)

Berrueta, E., Morato, D., Magaña, E., Izal, M.: A survey on detection techniques for cryptographic ransomware. IEEE Access 7, 144925–144944 (2019)CrossRef

Canadian Centre for Cyber Security: National cyber threat assessment (2020). https://cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2020. Accessed Dec 2021

Chen, J., Wang, C., Zhao, Z., Chen, K., Du, R., Ahn, G.J.: Uncovering the face of android ransomware: characterization and real-time detection. IEEE Trans. Inf. Forensics Secur. 13(5), 1286–1300 (2017)CrossRef

Continella, A., et al.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347 (2016)

Darwin, I.F.: File - Linux man page (2008). https://linux.die.net/man/1/file. Accessed Dec 2021

Davies, S.R., Macfarlane, R., Buchanan, W.J.: Differential area analysis for ransomware attack detection within mixed file datasets. Comput. Secur. 108, 102377 (2021)CrossRef

Faghihi, F., Zulkernine, M.: Ransomcare: data-centric detection and mitigation against smartphone crypto-ransomware. Comput. Netw. 191, 108011 (2021)CrossRef

10.

Financial Crimes Enforcement Network, US Treasury: Financial trend analysis (2020). Accessed Dec 2021

11.

Hicks, B.J., Dong, A., Palmer, R., Mcalpine, H.C.: Organizing and managing personal electronic files: a mechanical engineer’s perspective. ACM Trans. Inf. Syst. 26(4) (2008)

12.

Kaspersky Lab: The onion ransomware (encryption trojan) (2021). https://www.kaspersky.com/resource-center/threats/onion-ransomware-virus-threat. Accessed Dec 2021

13.

Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: \(\{\)UNVEIL\(\}\): a large-scale, automated approach to detecting ransomware. In: 25th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 16), pp. 757–772 (2016)

14.

Lee, K., Lee, S.-Y., Yim, K.: Effective ransomware detection using entropy estimation of files for cloud services. In: Esposito, C., Hong, J., Choo, K.-K.R. (eds.) I-SPAN 2019. CCIS, vol. 1080, pp. 133–139. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30143-9_11CrossRef

15.

Lessing, M.: Case study: archievus ransomware (2020). https://www.sdxcentral.com/security/definitions/case-study-archievus-ransomware/. Accessed Dec 2021

16.

Sophos Ltd.: Lockfile ransomware’s box of tricks: intermittent encryption and evasion (2021). https://news.sophos.com/en-us/2021/08/27/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion/. Accessed Dec 2021

17.

May, M.J., Laron, E.: Combating ransomware using content analysis and complex file events. In: 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2019)

18.

McAfee: An analysis of the wannacry ransomware outbreak (2017). https://www.mcafee.com/blogs/other-blogs/executive-perspectives/analysis-wannacry-ransomware-outbreak/. Accessed Dec 2021

19.

McIntosh, T., Jang-Jaccard, J., Watters, P., Susnjak, T.: The inadequacy of entropy-based ransomware detection. In: Gedeon, T., Wong, K.W., Lee, M. (eds.) ICONIP 2019. CCIS, vol. 1143, pp. 181–189. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36802-9_20CrossRef

20.

McIntosh, T., Watters, P., Kayes, A., Ng, A., Chen, Y.P.P.: Enforcing situation-aware access control to build malware-resilient file systems. Futur. Gener. Comput. Syst. 115, 568–582 (2021)CrossRef

21.

Mehnaz, S., Mudgerikar, A., Bertino, E.: RWGuard: a real-time detection system against cryptographic ransomware. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 114–136. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5_6CrossRef

22.

Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_15CrossRef

23.

Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312. IEEE (2016)

24.

Sjouwerman, S.: The evolution of mobile ransomware (2020). https://blog.knowbe4.com/evolution-of-mobile-ransomware. Accessed Dec 2021

25.

Sullivan, G.J., Wiegand, T.: Video compression-from concepts to the h. 264/avc standard. Proc. IEEE 93(1), 18–31 (2005)

26.

Varonis: Ransomware statistics, data, trends and facts (2020). https://www.varonis.com/blog/ransomware-statistics-2021/. Accessed Dec 2021

27.

Varonis: Return of the darkside: analysis of a large-scale data theft campaign (2021). https://www.varonis.com/blog/darkside-ransomware. Accessed Dec 2021

28.

Wu, B., et al.: Why an android app is classified as malware: toward malware classification interpretation. ACM Trans. Softw. Eng. Methodol. (TOSEM) 30(2), 1–29 (2021)CrossRef

29.

Xia, T., Sun, Y., Zhu, S., Rasheed, Z., Shafique, K.: Toward a network-assisted approach for effective ransomware detection. arXiv preprint arXiv:2008.12428 (2020)

Titel: Unmasking of Maskware: Detection and Prevention of Next-Generation Mobile Crypto-Ransomware
verfasst von: Farnood Faghihi
Mohammad Zulkernine
Steven Ding
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_17

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner