IIT - CNR - Istituto di Informatica e Telematica

Phylogenetic Analysis for Ransomware Detection and Classification into Families

The wide spread of ransomware experienced in recent years has also been caused by the ability of attackers to introduce changes and mutations that make the malware hard for antimalware software to identify. In this paper we propose a two-phase method based on machine learning on API-level analysis, aimed (i) at effectively detecting ransomware despite the obfuscation techniques applied and the variations introduced, and (ii) at providing a tool for security analysts to track phylogenetic relationships by exploiting the binary tree obtained from the classification analysis. We preliminarily evaluated the proposed method on real-world ransomware applications belonging to three widespread families (i.e., petya, badrabbit and wannacry), obtaining encouraging results in ransomware detection and family identification. A discussion of the ransomware-related phylogenetic relationships is also provided.

Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Volume 2: SECRYPT, Porto, 2018

IIT authors:

Christina Michailidou

Type: Conference proceedings contribution
Subject area: Computer Science & Engineering

File: Example.pdf

Activity: Security in Cloud Computing