Minerva: A File-Based Ransomware Detector (2301.11050v3)
Abstract: Ransomware attacks have caused billions of dollars in damages in recent years, and are expected to cause billions more in the future. Consequently, significant effort has been devoted to ransomware detection and mitigation. Behavior-based ransomware detection approaches have garnered considerable attention recently. These behavioral detectors typically rely on process-based behavioral profiles to identify malicious behaviors. However, with an increasing body of literature highlighting the vulnerability of such approaches to evasion attacks, a comprehensive solution to the ransomware problem remains elusive. This paper presents Minerva, a novel, robust approach to ransomware detection. Minerva is engineered to be robust by design against evasion attacks, with architectural and feature selection choices informed by their resilience to adversarial manipulation. We conduct a comprehensive analysis of Minerva across a diverse spectrum of ransomware types, encompassing unseen ransomware as well as variants designed specifically to evade Minerva. Our evaluation showcases the ability of Minerva to accurately identify ransomware, generalize to unseen threats, and withstand evasion attacks. Furthermore, over 99% of detected ransomware are identified within 0.52 sec of activity, enabling the adoption of data loss prevention techniques with near-zero overhead.