Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Kyungroul | - |
dc.contributor.author | Lee, Jaehyuk | - |
dc.contributor.author | Lee, Sun-Young | - |
dc.contributor.author | Yim, Kangbin | - |
dc.date.accessioned | 2023-05-25T01:41:00Z | - |
dc.date.available | 2023-05-25T01:41:00Z | - |
dc.date.issued | 2023-03 | - |
dc.identifier.issn | 1424-8220 | - |
dc.identifier.issn | 1424-3210 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/sch/handle/2021.sw.sch/22428 | - |
dc.description.abstract | A variety of data-based services such as cloud services and big data-based services have emerged in recent times. These services store data and derive the value of the data. The reliability and integrity of the data must be ensured. Unfortunately, attackers have taken valuable data as hostage for money in attacks called ransomware. It is difficult to recover original data from files in systems infected by ransomware because they are encrypted and cannot be accessed without keys. There are cloud services to back up data; however, encrypted files are synchronized with the cloud service. Therefore, the original file cannot be restored even from the cloud when the victim systems are infected. Therefore, in this paper, we propose a method to effectively detect ransomware for cloud services. The proposed method detects infected files by estimating the entropy to synchronize files based on uniformity, one of the characteristics of encrypted files. For the experiment, files containing sensitive user information and system files for system operation were selected. In this study, we detected 100% of the infected files in all file formats, with no false positives or false negatives. We demonstrate that our proposed ransomware detection method was very effective compared to other existing methods. Based on the results of this paper, we expect that this detection method will not synchronize with a cloud server by detecting infected files even if the victim systems are infected with ransomware. In addition, we expect to restore the original files by backing up the files stored on the cloud server. | - |
dc.language | English | - |
dc.language.iso | ENG | - |
dc.publisher | Multidisciplinary Digital Publishing Institute (MDPI) | - |
dc.title | Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services | - |
dc.type | Article | - |
dc.publisher.location | Switzerland | - |
dc.identifier.doi | 10.3390/s23063023 | - |
dc.identifier.scopusid | 2-s2.0-85151225279 | - |
dc.identifier.wosid | 000959687900001 | - |
dc.identifier.bibliographicCitation | Sensors, v.23, no.6 | - |
dc.citation.title | Sensors | - |
dc.citation.volume | 23 | - |
dc.citation.number | 6 | - |
dc.type.docType | Article | - |
dc.description.isOpenAccess | Y | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Chemistry | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Instruments & Instrumentation | - |
dc.relation.journalWebOfScienceCategory | Chemistry, Analytical | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Instruments & Instrumentation | - |
dc.subject.keywordPlus | SOFTWARE-DEFINED NETWORKING | - |
dc.subject.keywordAuthor | cloud service | - |
dc.subject.keywordAuthor | entropy | - |
dc.subject.keywordAuthor | malicious code | - |
dc.subject.keywordAuthor | ransomware | - |