A framework for supporting ransomware detection and prevention based on hybrid analysis

Mercaldo F.
2021-01-01

Abstract

Ransomware is a very effective form of malware, which has recently attracted a lot of attention because an impressive number of workstations were affected. This malware is able to encrypt the files located on the infected machine and block access to them. The attackers will restore the machine and files only after the payment of a certain amount of money, usually in bitcoins. In this paper we discuss a hybrid framework, combining static and dynamic analysis, that exploits APIs to prevent and mitigate ransomware threats. The evaluation, considering 1000 legitimate and ransomware applications, demonstrates that hybrid API call-based detection can prove to be a promising direction in ransomware prevention and mitigation.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11695/115634