Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services

  • Kyungroul Lee
  • Sun-Young Lee
  • Kangbin YimEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1080)


A variety of data-based services such as cloud services and big data-based services have emerged. These services store data and derive the value of the data, and the reliability and integrity of the data must be ensured. Attackers have taken valuable data hostage for money in attacks called ransomware, and systems infected by ransomware, it is difficult to recover original data from files because they are encrypted and cannot be accessed without keys. To solve this problem, there are cloud services to back up data; however, encrypted files are synchronized to the cloud service, so that when victim systems are infected, which means that the original file cannot restored even from the cloud. Therefore, in this paper, we propose a method to effectively detect ransomware for cloud services by estimating entropy. As experiment results, we detected 100% of the infected files in target files. We demonstrated that our proposed ransomware detection method was very effective compared with other existing methods.


Cloud service Malicious code detection Ransomware Entropy 



This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2018R1A4A1025632).


  1. 1.
    Wikipedia, Cloud computing. Accessed 5 Apr 2019
  2. 2.
    Wikipedia, Big data. Accessed 5 Apr 2019
  3. 3.
    Gazet, A.: Comparative analysis of various ransomware virii. J. Comput. Virol. 6(1), 77–90 (2010)CrossRefGoogle Scholar
  4. 4.
    Wikipedia, Ransomware. Accessed 5 Apr 2019
  5. 5.
    Everett, C.: Ransomware: to pay or not to pay? J. Comput. Fraud. Secur. 2016(4), 8–12 (2016)CrossRefGoogle Scholar
  6. 6.
    Cabaj, K., Gregorczyk, M., Mazurczyk, W.: Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. J. Comput. Electr. Eng. 66, 353–368 (2018)CrossRefGoogle Scholar
  7. 7.
    Paik, J., Choi, J., Jin, R., Wang, J., Cho, E.: A storage-level detection mechanism against crypto-ransomware. In: 25th ACM SIGSAC Conference on Computer and Communications Security, Toronto, Canada, pp. 2258–2260. ACM (2018)Google Scholar
  8. 8.
    Chen, J., Wang, C., Zhao, Z., Chen, K., Du, R., Ahn, G.: Uncovering the face of android ransomware: characterization and real-time detection. J. IEEE Trans. Inf. Forensics Secur. 13(5), 1286–1300 (2017)CrossRefGoogle Scholar
  9. 9.
    Akbanov, M., Vassilakis, V., Logothetis, M.: Ransomware detection and mitigation using software-defined networking: the case of WannaCry. J. Comput. Electr. Eng. 76, 111–121 (2019)CrossRefGoogle Scholar
  10. 10.
    Li, Z., Xiang, C., Wang, C.: Oblivious transfer via lossy encryption from lattice-based cryptography. J. Wirel. Commun. Mob. Comput. 2018(5973285), 11 (2018)Google Scholar
  11. 11.
    Boura, C., Canteaut, A.: On the boomerang uniformity of cryptographic Sboxes. J. IACR Trans. Symmetric Cryptol. 2018(3), 290–310 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Soonchunhyang UniversityAsanSouth Korea

Personalised recommendations