Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services
A variety of data-based services, such as cloud services and big data-based services, have emerged. These services store data and derive value from it, so the reliability and integrity of the data must be ensured. Attackers take valuable data hostage for money in attacks called ransomware. On systems infected by ransomware, it is difficult to recover the original data because the files are encrypted and cannot be accessed without the keys. Cloud services that back up data exist to address this problem; however, when a victim system is infected, the encrypted files are synchronized to the cloud service, which means that the original files cannot be restored even from the cloud. Therefore, in this paper, we propose a method to effectively detect ransomware for cloud services by estimating entropy. In our experiments, we detected 100% of the infected files among the target files. We demonstrated that our proposed ransomware detection method was very effective compared with other existing methods.
Keywords: Cloud service, Malicious code detection, Ransomware, Entropy
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2018R1A4A1025632).
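
As an added illustration (not code from the paper), the sketch below uses byte-level Shannon entropy, one common estimator, to hold a cloud sync when a file's content jumps to near-random. The 7.5 bits/byte threshold, the function names and the sample data are assumptions made for this example; the abstract does not give the paper's own estimator or parameters.

```python
import hashlib
import math
from collections import Counter

THRESHOLD = 7.5  # bits per byte; assumed cut-off, not a value from the paper

def shannon_entropy(data: bytes) -> float:
    """Estimate Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0  # empty file: nothing to measure
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sync_decision(previous: bytes, updated: bytes, threshold: float = THRESHOLD) -> str:
    """Decide whether an updated file may overwrite its cloud copy (hypothetical gate)."""
    before, after = shannon_entropy(previous), shannon_entropy(updated)
    if after < threshold:
        return "sync"          # still looks like structured data
    if before < threshold:
        return "hold"          # jumped to near-random: keep the existing cloud copy
    return "inconclusive"      # already near-random before (compressed, media, ...)

def keystream(n: int, seed: bytes = b"constructed") -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

# Constructed sample data: a text document, a normal edit, and an "encrypted" version.
DOCUMENT = b"Quarterly report: revenue, costs and forecasts for the cloud team.\n" * 1000
EDITED = DOCUMENT.replace(b"forecasts", b"projections")
ENCRYPTED = keystream(len(DOCUMENT))

if __name__ == "__main__":
    for name, new in [("edited", EDITED), ("encrypted", ENCRYPTED)]:
        print(name, round(shannon_entropy(new), 3), sync_decision(DOCUMENT, new))
```

Files that are already compressed or encrypted before infection land in the "inconclusive" branch, so entropy alone cannot classify them and a second signal is needed there.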