Pre-Encryption and Identification (PEI): An Anti-crypto Ransomware Technique.

Bibliographic Details
Title: Pre-Encryption and Identification (PEI): An Anti-crypto Ransomware Technique.
Authors: Mantri, Aditya; Singh, Navjot; Kumar, Krishan; Dahiya, Sanjay
Source: IETE Journal of Research; Nov 2023, Vol. 69 Issue 11, p8058-8066, 9p
Subject Terms: RANSOMWARE, PATTERN recognition systems, MACHINE learning, DIGITAL currency, RANDOM forest algorithms, PRODUCE markets
Abstract: Due to the growing popularity of digital currencies like Bitcoin, criminals have begun producing and marketing ransomware to obtain virtual currency. This work focuses on the main category (crypto-ransomware) of ransomware attacks, making the victim's data impossible to recover once it has been encrypted. It encrypts its victim's files with an encryption algorithm and tries to extort a ransom from the victim. To identify a crypto-ransomware attack at the pre-encryption level, the authors propose a Pre-Encryption and Identification Technique (PEI). Firstly, PEI provides early identification of ransomware. The detection stage uses a signature comparison against the signatures of known crypto-ransomware to detect ransomware before it can be triggered. For reliable file comparison, a Secure Hashing Algorithm (SHA-256) signature was generated. Secondly, a detection stage based on a Learning Algorithm (L.A.) consisting of discretization and prediction using a random forest model finds crypto-ransomware through pre-encryption Application Programming Interfaces (APIs). API pattern recognition helps the learning algorithm identify crypto-ransomware from suspicious programs. The proposed PEI achieved 97.7% recall and detected both known and unknown crypto-ransomware even before they were implemented. [ABSTRACT FROM AUTHOR]
Copyright of IETE Journal of Research is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
ISSN: 03772063
DOI: 10.1080/03772063.2022.2048706