Analysis and Detection Agents for Ransomware Attacks on Linux Systems

  • Cryslene Coêlho De Oliveira Miranda UFPA
  • Caio Carvalho Moreira UFPA
  • Otávio Noura Teixeira UFPA

Abstract


Ransomware is malware that affects the data security of systems or devices. It blocks user files by encrypting them and demands a ransom in exchange for the decryption key. This work presents the development of a solution that aims to detect this threat on Linux systems through static agents. The algorithms are written in Python and are aided by three programs: inotify, file and strace. Validation tests were performed in order to present the efficiency of these agents.

Published
2020-10-13
MIRANDA, Cryslene Coêlho De Oliveira; MOREIRA, Caio Carvalho; TEIXEIRA, Otávio Noura. Agentes de Análise e Detecção de Ataques Ransomware em Sistemas Linux. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20., 2020, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 205-218. DOI: https://doi.org/10.5753/sbseg_estendido.2020.19286.