Identifying File Interaction Patterns in Ransomware Behaviour

Liam Grant, Simon Parkinson

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

Malicious software (malware) has a rich history of causing significant challenges for users and system developers alike. The development of different malware types often results from criminal opportunity, and the monetisation of ransomware, coupled with the continuously growing importance of user data, is making ransomware one of the most prominent forms of malware. Detecting and stopping ransomware from executing is challenging due to the large variety of different types, as well as the speed at which new instances are developed. This renders static approaches, such as using signatures, ineffective in many instances. This chapter investigates the behavioural analysis of ransomware, focussing in particular on its interaction with the underlying file system. The study identifies that ransomware instances have unique behavioural patterns, which are significantly different from those of normal user interaction.
Original language: English
Title of host publication: Guide to Vulnerability Analysis for Computer Networks and Systems
Subtitle of host publication: An Artificial Intelligence Approach
Editors: Simon Parkinson, Andrew Crampton, Richard Hill
Place of Publication: Cham
Publisher: Springer, Cham
Chapter: 14
Pages: 317-335
Number of pages: 19
Edition: 1st
ISBN (Electronic): 9783319926247
ISBN (Print): 9783319926230
Publication status: Published - 5 Sep 2018

Publication series

Name: Computer Communications and Networks
Publisher: Springer
ISSN (Print): 1617-7975
ISSN (Electronic): 2197-8433

Fingerprint

Malware

Cite this

Grant, L., & Parkinson, S. (2018). Identifying File Interaction Patterns in Ransomware Behaviour. In S. Parkinson, A. Crampton, & R. Hill (Eds.), Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach (1st ed., pp. 317-335). (Computer Communications and Networks). Cham: Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_14