ESCAPADE: Encryption-type-ransomware: system call based pattern detection
Chew, C., Kumar, V., Patros, P., & Malik, R. (2020). ESCAPADE: Encryption-type-ransomware: system call based pattern detection. In M. Kutylowski, J. Zhang, & C. Chen (Eds.), Proceedings of 14th International Conference on Network and System Security (NSS 2020), LNCS 12570 (pp. 388–407). Virtual, Melbourne, Australia: Springer. https://doi.org/10.1007/978-3-030-65745-1_23
Permanent Research Commons link: https://hdl.handle.net/10289/14133
Encryption-type ransomware has risen in prominence lately as the go-to malware for threat actors aiming to compromise Android devices. In this paper, we present a ransomware detection technique based on behaviours observed in the system calls performed by the malware. We identify and present some common high-level system call behavioural patterns targeted at encryption-type ransomware and evaluate these patterns. We further present our repeatable and extensible methodology for extracting the system call log and patterns.
This is a post-peer-review, pre-copyedit version of an article published in Proceedings of 14th International Conference on Network and System Security (NSS 2020), LNCS 12570. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-030-65745-1_23. © Springer Nature Switzerland AG 2020.