Digital vaccine-based dynamic defense model for stealthy ransomware attacks
ZHANG Yu1, LIU Qingzhong2, SHI Yuanquan3, CAO Junkuo1
1. Department of Computer Science, Hainan Normal University, Haikou 571158, China; 2. Department of Computer Science, Sam Houston State University, Houston 77340, USA; 3. School of Computer Science and Engineering, Huaihua University, Huaihua 418000, China
Abstract:Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or permanently block access to it unless a ransom is paid. Stealthy ransomware is a new type of ransomware that tries to evade detection by deleting all hard copies of its files and just residing in a process running in memory. This study uses danger theory for the biological immune system to design a digital vaccine-based dynamic defense model for stealthy ransomware attacks. Formal definitions are given for some immune concepts such as digital vaccine, antigen, antibody and antibody concentration. Vaccinations with digital vaccines (creating bait files and folders) give the system immature antibodies against stealthy ransomware attacks. The system quickly detects stealthy ransomware attacks using dynamic monitoring of the stealthy ransomware attack antigens in both the core and application layers and by monitoring the dynamic evolution of antibodies and changes of the antibody concentration. Analyses and tests show that the model provides effective real-time detection of stealthy ransomware attacks that are more effective than traditional methods.
张瑜, 刘庆中, 石元泉, 曹均阔. 基于数字疫苗的隐遁勒索病毒攻击动态防御模型[J]. 清华大学学报(自然科学版), 2020, 60(5): 402-407.
ZHANG Yu, LIU Qingzhong, SHI Yuanquan, CAO Junkuo. Digital vaccine-based dynamic defense model for stealthy ransomware attacks. Journal of Tsinghua University(Science and Technology), 2020, 60(5): 402-407.
[1] Carbon Black. The ransomware economy[R]. https://www.carbonblack.com/wp-content/uploads/2017/10/Carbon-Black-Ransomware-Economy-Report-101117.pdf,2019. [2] KRUNAL G, VIRAL P. Survey on ransomware:A new era of cyber attack[J]. International Journal of Computer Applications, 2017, 168(3):38-41. [3] MANSFIELD-DEVINE S. Fileless attacks:Compromising targets without malware[J]. Network Security, 2017, 2017(4):7-11. [4] AL-RIMY B A S, MAAROF M A, SHAID S Z M. Ransomware threat success factors, taxonomy, and countermeasures:A survey and research directions[J]. Computers & Security, 2018, 74:144-166. [5] KHARRAZ A, ROBERTSON W, KIRDA E. Protecting against ransomware:A new line of research or restating classic ideas?[J]. IEEE Security & Privacy, 2018, 16(3):103-107. [6] HAMPTON N, BAIG Z, ZEADALLY S. Ransomware behavioural analysis on windows platforms[J]. Journal of Information Security and Applications, 2018, 40:44-51. [7] HOMAYOUN S, DEHGHANTANHA A, AHMADZADEH M, et al. Know abnormal, find evil:Frequent pattern mining for ransomware threat hunting and intelligence[J]. IEEE Transactions on Emerging Topics in Computing, 2018. DOI:10.1109/TETC.2017.2756908. [8] SRINIVASAN C R. Hobby hackers to billion-dollar industry:The evolution of ransomware[J]. Computer Fraud & Security, 2017, 2017(11):7-9. [9] MCGILL J K. Ransomware:Is your practice protected?[J]. Journal of Clinical Orthodontics:JCO, 2018, 52(4):237-239. [10] BREWER R. Ransomware attacks:Detection, prevention and cure[J]. Network Security, 2016, 2016(9):5-9. [11] LI T. Dynamic detection for computer virus based on immune system[J]. Science in China Series F:Information Science, 2008, 51(10):1475-1486. [12] PENNISI E. Immunology:Teetering on the brink of danger[J]. Science, 1996, 271(5256):1665-1667. [13] YOSIFOVICH P, RUSSINOVICH M E, SOLOMON D A, et al. Windows internals, Part 1:System architecture, processes, threads, memory management, and more[M]. 7th ed. Hoboken:Microsoft Press, 2017. [14] PERELSON A S, WEISBUCH G. Immunology for physicists[J]. Review of Modern Physics, 1997, 69(4):1219-1263.