Lockout-Tagout Ransomware: A Detection Method for Ransomware using Fuzzy Hashing and Clustering

Nitin Naik, Paul Jenkins, Jonathan Gillett, Haralambos Mouratidis, Kshirasagar Naik, Jingping Song

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBN

Abstract

Ransomware attacks are a prevalent cybersecurity threat to every user and enterprise today. This is attributed to their polymorphic behaviour and dispersion of inexhaustible versions due to the same ransomware family or threat actor. A certain ransomware family or threat actor repeatedly utilises nearly the same style or codebase to create a vast number of ransomware versions. Therefore, it is essential for users and enterprises to keep well-informed about this threat landscape and adopt proactive prevention strategies to minimise its spread and affects. This requires a technique to detect ransomware samples to determine the similarity and link with the known ransomware family or threat actor. Therefore, this paper presents a detection method for ransomware by employing a combination of a similarity preserving hashing method called fuzzy hashing and a clustering method. This detection method is applied on the collected WannaCry/WannaCryptor ransomware samples utilising a range of fuzzy hashing and clustering methods. The clustering results of various clustering methods are evaluated through the use of the internal evaluation indexes to determine the accuracy and consistency of their clustering results, thus the effective combination of fuzzy hashing and clustering method as applied to the particular ransomware corpus. The proposed detection method is a static analysis method, which requires fewer computational overheads and performs rapid comparative analysis with respect to other static analysis methods.

Original languageEnglish
Title of host publication2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages641-648
Number of pages8
ISBN (Electronic)9781728124858
ISBN (Print)9781728124865
DOIs
Publication statusPublished - 20 Feb 2020
Event2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019 - Xiamen, China
Duration: 6 Dec 20199 Dec 2019

Conference

Conference2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019
CountryChina
CityXiamen
Period6/12/199/12/19

Bibliographical note

© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be
obtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

  • agnes
  • clara
  • clustering
  • diana
  • fuzzy hashing
  • k-means
  • pam
  • ransomware
  • sdhash
  • similarity preserving hashing
  • ssdeep
  • wannacry
  • wannacryptor

Fingerprint Dive into the research topics of 'Lockout-Tagout Ransomware: A Detection Method for Ransomware using Fuzzy Hashing and Clustering'. Together they form a unique fingerprint.

  • Cite this

    Naik, N., Jenkins, P., Gillett, J., Mouratidis, H., Naik, K., & Song, J. (2020). Lockout-Tagout Ransomware: A Detection Method for Ransomware using Fuzzy Hashing and Clustering. In 2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019 (pp. 641-648). [9003148] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SSCI44817.2019.9003148