Cryptography Module Detection and Identification Mechanism on Malicious Ransomware Software (악성 랜섬웨어 SW에 사용된 암호화 모듈에 대한 탐지 및 식별 메커니즘)

Lee, Hyung Woo (이형우)

doi:10.20465/KIOTS.2023.9.1.001

Cryptography Module Detection and Identification Mechanism on Malicious Ransomware Software

Journal of Internet of Things and Convergence
Abbr : JKIOTS
2023, 9(1), pp.1-7
DOI : 10.20465/KIOTS.2023.9.1.001
Publisher : The Korea Internet of Things Society
Research Area : Engineering > Computer Science > Internet Information Processing
Received : October 28, 2022
Accepted : December 8, 2022
Published : February 28, 2023

Lee, Hyung Woo ¹

¹한신대학교

Accredited

ABSTRACT

Cases in which personal terminals or servers are infected by ransomware are rapidly increasing. Ransomware uses a self-developed encryption module or combines existing symmetric key/public key encryption modules to illegally encrypt files stored in the victim system using a key known only to the attacker. Therefore, in order to decrypt it, it is necessary to know the value of the key used, and since the process of finding the decryption key takes a lot of time, financial costs are eventually paid. At this time, most of the ransomware malware is included in a hidden form in binary files, so when the program is executed, the user is infected with the malicious code without even knowing it. Therefore, in order to respond to ransomware attacks in the form of binary files, it is necessary to identify the encryption module used. Therefore, in this study, we developed a mechanism that can detect and identify by reverse analyzing the encryption module applied to the malicious code hidden in the binary file.

KEYWORDS

Ransomware, Hidden Malicious Code, Reverse Engineering, Detection and identification Mechanism.

Citation status

* References for papers published after 2023 are currently being built.

[web] / 2021 / Ransomware Latest Trend Analysis and Implications, Digital & Security Policy, KISA Insight, Vol.02 / Korea Internet & Security Agency / https://www.kisa.or.kr/20301/form?postSeq=4&page=1

[journal] C. Beaman / 2021 / Ransomware : Recent advances, analysis, challenges and future research directions / Computer & Security 111 : 102490~

[journal] H. Alshaikh NR / 2020 / Ransomware prevention and mitigation techniques / International Journal of Computer Applications 117(40) : 31~39

[confproc] P. Bajpai / 2020 / An empirical study of API calls in ransomware / IEEE International Conference on Electro Information Technology (EIT) : 443~448

[confproc] B. Qin / 2020 / API call based ransomware dynamic detection approach using textCNN / 2020International Conference on Big Data, Artificial Intelligence and Internet of Things Engineering (ICBAIE) : 162~166

[journal] 문재연 / 2016 / Ransomware Analysis and Method for Minimize the Damage / 문화기술의 융합 / 국제문화기술진흥원 2(1) : 79~85

[thesis] J. Y. Kim / 2017 / A study on the recovery of ransomware infected file through real-time file behavior analysis / Master / Korea University

[journal] 윤세원 / 2018 / A Study on a Method of Identifying a Block Cipher Algorithm to Increase Ransomware Detection Rate / 정보보호학회논문지 / 한국정보보호학회 28(2) : 347~355

[web] / Wannacry report / https://www.pandasecurity.com/mediacenter/src/uploads/2017/05/WannaCry_Reporten.pdf

[report] / 2019 / SimpleLocker Ransomware Encryption Function Analysis Report / Korea Internet & Security Agency

[report] / 2020 / immuni Ransomware Encryption Function Analysis Report / Korea Internet & Security Agency

[other] Hassannataj Joloudari, J. / 2020 / Early detection of the advanced persistent threat attack using performance analysis of deep learning / arXiv e-prints

[journal] Md Sahrom Abu / 2018 / Cyber Threat Intelligence – Issue and Challenges / Indonesian Journal of Electrical Emgineering and Computer Science 10(1) : 371~379

[journal] 이형우 / 2021 / Intrusion Artifact Acquisition Method based on IoT Botnet Malware / 사물인터넷융복합논문지 / 한국사물인터넷학회 7(3) : 1~8

[journal] Maria Stoyanova / 2020 / A Survey on the Internet of Things(IoT)Forensics : Challenges, Approaches, and Open Issues / IEEE COMMUNICATIONS SURVEYS & TUTORIALS 22(2) : 1191~1221

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of Internet of Things and Convergence 2023 KCI Impact Factor : 0.89

Cryptography Module Detection and Identification Mechanism on Malicious Ransomware Software

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Internet of Things and Convergence 2023 KCI Impact Factor : 0.89

Cryptography Module Detection and Identification Mechanism on Malicious Ransomware Software

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.