![]() ![]() In our study, after presenting the behavior of the ransomware in detail, in the monitoring/detecting phase, how the ransomware detection and prevention tool should be created to detect and prevent ransomware on Windows OSs will be explained. That is, machine learning techniques have not been used, and so all materials have been evaluated as inputs to the design of our tool. In training phase, many academic publications, international cyber security vendors’ reports on ransomware, and interview with cyber security experts have been examined and utilized during bringing out our study, and consequently, the attack vectors of the ransomware, the core features, the identification methods and the movements based on the Windows OSs have been found. These are “training/learning” and “monitoring/detecting” phases. The most important factor for anomaly-based detection method is to be able to analyze the data sufficiently to determine the ability and the behavior of the ransomware. Because hash signature samples of zero-day attacks are not recorded in antivirus software databases, detecting ransomware by using anomaly-based detection method is more effective. Various antivirus software using signature-based detection method fail to detect the malware because they perform analysis via hash signature samples in databases. As a result of the payment of the desired amount of ransom, the files can be opened with the decryption key delivered to the user. Ransomware demands ransom from the user for decrypting the encrypted files. ![]() Ransomware, which constantly improves by updating itself and transferring to the network and computing environment, is the most common type of malware used by the attackers recently. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |