Title: Empirical Analysis and Practical Assessment of Ransomware Attacks to Data in Motion
In recent years, ransomware has established itself as one of the most persistent and devastating threats in cybersecurity. Traditionally, these attacks have focused on data at rest, encrypting files and demanding a ransom for their recovery. However, an alarming trend has emerged: ransomware for attacks to data in motion. This data, which includes information transmitted over networks, is critical to the day-to-day operations of organizations and often receives less protection than stored data. This paper aims to explore and characterize these new ransomware threats for attacks to data in motion. It also aims to test the feasibility of these attacks through the creation and implementation of a laboratory environment, as well as to analyze the potential consequences (based on likelihood and impact assessments) of such attacks if they were to be carried out, providing a comprehensive view of the potential emerging risks and warning of the need to create tools for the prevention, detection and mitigation of these attacks.
Award ID(s):
1929739 2241313
PAR ID:
10646045
Publisher / Repository:
2024 IEEE International Conference on Cyber Security and Resilience (IEEE CSR)
Page Range / eLocation ID:
6
Subject(s) / Keyword(s):
ransomware attacks
Format(s):
Medium: X
Location:
London, England
Sponsoring Org:
National Science Foundation
More Like this
  1. In recent years, ransomware attacks have grown dramatically. New variants continually emerging make tracking and mitigating these threats increasingly difficult using traditional detection methods. As the landscape of ransomware evolves, there is a growing need for more advanced detection techniques. Neural networks have gained popularity as a method to enhance detection accuracy by leveraging low-level hardware information, such as hardware events, as features for identifying ransomware attacks. In this paper, we investigated several state-of-the-art supervised learning models, including XGBoost, LightGBM, MLP, and CNN, which are specifically designed to handle time series data or image-based data for ransomware detection. We compared their detection accuracy, computational efficiency, and resource requirements for classification. Our findings indicate that LightGBM in particular offers a strong balance of high detection accuracy, fast processing speed, and low memory usage, making it highly effective for ransomware detection tasks.
  2. With the proliferation of smart and connected devices in the transportation domain, these systems inevitably face security threats from the real world. In this work, we analyze the security of the existing traffic signal systems and summarize the security implications exposed in our analysis. Our research shows that the deployed traffic signal systems can be easily manipulated with physical/remote access and are vulnerable to an array of real-world attacks, such as a diversionary tactic. By setting up a standard traffic signal system locally in our lab and partnering with a municipality, we demonstrate that not only can traffic intersections be manipulated to show deadly traffic patterns such as all-direction green lights, but traffic control systems are also susceptible to ransomware and disruption attacks. Through testing and studying these attacks, we provide our security recommendations and mitigations for these threats.
  3. Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and they may cause catastrophic damage to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely useful in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework that adopts different machine learning algorithms, including neural network-based architectures, to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB), Logistic Regression (LR), as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F-beta, and precision scores.
  4. The recent proliferation of cryptocurrencies that allow for pseudo-anonymous transactions has resulted in a spike of various e-crime activities and, particularly, cryptocurrency payments in hacking attacks demanding ransom by encrypting sensitive user data. Currently, most hackers use Bitcoin for payments, and existing ransomware detection tools depend only on a couple of heuristics and/or tedious data gathering steps. By capitalizing on recent advances in Topological Data Analysis, we propose a novel, efficient, and tractable framework to automatically predict new ransomware transactions in a ransomware family, given only limited records of past transactions. Moreover, our new methodology exhibits high utility in detecting the emergence of new ransomware families, that is, detecting ransomware with no past records of transactions.
  5. Ransomware has become increasingly prevalent in recent years. To defend against ransomware in computing devices using flash memory as external storage, existing designs extract the entire raw flash memory data to restore the external storage to a good state. However, they cannot allow fine-grained recovery in terms of user files, as raw flash memory data do not have the semantics of "files". In this work, we design FFRecovery, a new ransomware defense strategy that can support fine-grained data recovery after the attacks. Our key idea is that, to recover a file corrupted by the ransomware, we can 1) restore its file system metadata via file system forensics, 2) extract its file data via raw data extraction from the flash translation layer, and 3) assemble the corresponding file system metadata and the file data. A simple prototype of FFRecovery has been developed and some preliminary results are provided.