Ransomware protection using the moving target defense perspective

Suhyeon Lee; Huy Kang Kim; Kyounggon Kim

doi:10.1016/j.compeleceng.2019.07.014

Ransomware protection using the moving target defense perspective

Suhyeon Lee
, Huy Kang Kim
, Kyounggon Kim^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

36 Citations (Scopus)

Abstract

Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim's important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.

Original language	English
Pages (from-to)	288-299
Number of pages	12
Journal	Computers and Electrical Engineering
Volume	78
DOIs	https://doi.org/10.1016/j.compeleceng.2019.07.014
Publication status	Published - 2019 Sept

Bibliographical note

Publisher Copyright:
© 2019 Elsevier Ltd

Keywords

File extension
Malware
Moving target defense
Randomization
Ransomware

ASJC Scopus subject areas

Control and Systems Engineering
General Computer Science
Electrical and Electronic Engineering

Access to Document

10.1016/j.compeleceng.2019.07.014

Cite this

@article{3a0551761c2e462e975e167f24a14e0f,

title = "Ransomware protection using the moving target defense perspective",

abstract = "Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim's important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.",

keywords = "File extension, Malware, Moving target defense, Randomization, Ransomware",

author = "Suhyeon Lee and Kim, \{Huy Kang\} and Kyounggon Kim",

note = "Publisher Copyright: {\textcopyright} 2019 Elsevier Ltd",

year = "2019",

month = sep,

doi = "10.1016/j.compeleceng.2019.07.014",

language = "English",

volume = "78",

pages = "288--299",

journal = "Computers and Electrical Engineering",

issn = "0045-7906",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Ransomware protection using the moving target defense perspective

AU - Lee, Suhyeon

AU - Kim, Huy Kang

AU - Kim, Kyounggon

PY - 2019/9

Y1 - 2019/9

N2 - Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim's important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.

AB - Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim's important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.

KW - File extension

KW - Malware

KW - Moving target defense

KW - Randomization

KW - Ransomware

UR - https://www.scopus.com/pages/publications/85069972770

U2 - 10.1016/j.compeleceng.2019.07.014

DO - 10.1016/j.compeleceng.2019.07.014

M3 - Article

AN - SCOPUS:85069972770

SN - 0045-7906

VL - 78

SP - 288

EP - 299

JO - Computers and Electrical Engineering

JF - Computers and Electrical Engineering

ER -

Ransomware protection using the moving target defense perspective

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this