کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
6883501 1444174 2018 16 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics
چکیده انگلیسی
Ransomware is currently one of the key threats facing individuals and corporate Internet users. Especially dangerous is crypto ransomware that encrypts important user data, and it is only possible to recover it once a ransom has been paid. Therefore, devising efficient and effective countermeasures is a pressing necessity. In this paper we present a novel Software-Defined Networking (SDN) based detection approach that utilizes the characteristics of the ransomware communication. Based on an observation of network communication between two crypto ransomware families, namely CryptoWall and Locky, we conclude that an analysis of the HTTP message sequences and their respective content sizes is enough to detect such threats. We show the feasibility of our approach by designing and evaluating a proof-of-concept SDN-based detection system. The experimental results confirm that the proposed approach is feasible and efficient.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Electrical Engineering - Volume 66, February 2018, Pages 353-368
نویسندگان
, , ,