Analysis of Crypto-Ransomware Using Network Traffic
Ransomware is a form of malware attack that makes use of encryption to make information inaccessible for the motive of gathering a specified amount of payment. Many victims of this attack who couldn’t recover their information from backups have been compelled to decide between losing the information...
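Main Authors: | Otasowie Owolafe, Aderonke F. Thompson |
---|---|
Format: | Article |
Language: | English |
Published: | Naif University Publishing House 2022-06-01 |
Series: | Journal of Information Security and Cybercrimes Research |
Subjects: | cybersecurity, crypto-mix, crypto-ransomware, crypto-shield, message block (smb2), network traffic, ransomware |
Online Access: | https://journals.nauss.edu.sa/index.php/JISCR/article/view/1805 |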
_version_ | 1827320110259372032 |
---|---|
author | Otasowie Owolafe Aderonke F. Thompson |
collection | DOAJ |
description | Ransomware is a form of malware attack that makes use of encryption to make information inaccessible for the motive of gathering a specified amount of payment. Many victims of this attack who couldn’t recover their information from backups have been compelled to decide between losing the information or paying the sum requested by the attacker. This research shows some of the various samples of ransomware, the phases of attack, and the chance of recognizing ransomware by the network traffic patterns it generates. Traffic generated from the infected system was considered. Experimental results from the ransomware detection show that some certain ransomware is very noisy and generates noticeable traffic patterns. In light of traffic information gathered from ransomware, conceivable discovery thoughts could be investigated. The result of the analysis shows that some ransomware generates traffic that is different from normal network traffic. Also, the infection of the file server system shows that the length and time vary but after infection the time for the different samples of ransomware to carry out its encryption is constant. |
first_indexed | 2024-04-25T00:40:52Z |
format | Article |
id | doaj.art-7f9491b52a9e44f9a5b37bd1bcf90ca5 |
institution | Directory Open Access Journal |
issn | 1658-7782 1658-7790 |
language | English |
last_indexed | 2024-04-25T00:40:52Z |
publishDate | 2022-06-01 |
publisher | Naif University Publishing House |
record_format | Article |
series | Journal of Information Security and Cybercrimes Research |
spelling | doaj.art-7f9491b52a9e44f9a5b37bd1bcf90ca5; 2024-03-12T11:14:07Z; eng; Naif University Publishing House; Journal of Information Security and Cybercrimes Research; 1658-7782; 1658-7790; 2022-06-01; 51768310.26735/JVUJ34981509; Analysis of Crypto-Ransomware Using Network Traffic; Otasowie Owolafe 0; Aderonke F. Thompson 1; The Federal University of Technology Akure, Akure, Nigeria.; The Federal University of Technology Akure, Akure, Nigeria.; Ransomware is a form of malware attack that makes use of encryption to make information inaccessible for the motive of gathering a specified amount of payment. Many victims of this attack who couldn’t recover their information from backups have been compelled to decide between losing the information or paying the sum requested by the attacker. This research shows some of the various samples of ransomware, the phases of attack, and the chance of recognizing ransomware by the network traffic patterns it generates. Traffic generated from the infected system was considered. Experimental results from the ransomware detection show that some certain ransomware is very noisy and generates noticeable traffic patterns. In light of traffic information gathered from ransomware, conceivable discovery thoughts could be investigated. The result of the analysis shows that some ransomware generates traffic that is different from normal network traffic. Also, the infection of the file server system shows that the length and time vary but after infection the time for the different samples of ransomware to carry out its encryption is constant.; https://journals.nauss.edu.sa/index.php/JISCR/article/view/1805; cybersecurity; crypto-mix; crypto-ransomware; crypto-shield; message block (smb2); network traffic; ransomware |
title | Analysis of Crypto-Ransomware Using Network Traffic |
topic | cybersecurity crypto-mix crypto-ransomware crypto-shield message block (smb2) network traffic ransomware |
url | https://journals.nauss.edu.sa/index.php/JISCR/article/view/1805 |