ESCAPADE: Encryption-type-ransomeware: system call based pattern detection

Chew, Christopher; Kumar, Vimal; Patros, Panos; Malik, Robi

doi:10.1007/978-3-030-65745-1_23

Files

ESCAPADE_accepted_ver.pdf

Accepted version, 346.4Kb

DOI

10.1007/978-3-030-65745-1_23

Citation

Export citation

Chew, C., Kumar, V., Patros, P., & Malik, R. (2020). ESCAPADE: Encryption-type-ransomeware: system call based pattern detection. In M. Kutylowski, J. Zhang, & C. Chen (Eds.), Proceedings of 14th International Conference on Network and System Security (NSS 2020), LNCS 12570 (pp. 388–407). Virtual, Melbourne, Australia: Springer. https://doi.org/10.1007/978-3-030-65745-1_23

Permanent Research Commons link: https://hdl.handle.net/10289/14133

Abstract

Encryption-type ransomware has risen in prominence lately as the go-to malware for threat actors aiming to compromise Android devices. In this paper, we present a ransomware detection technique based on behaviours observed in the system calls performed by the malware. We identify and present some common high-level system call behavioural patterns targeted at encryption-type ransomware and evaluate these patterns. We further present our repeatable and extensible methodology for extracting the system call log and patterns.

Date

2020

Type

Conference Contribution

Publisher

Springer

Rights

This is a post-peer-review, pre-copyedit version of an article published in Proceedings of 14th International Conference on Network and System Security (NSS 2020), LNCS 12570. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-030-65745-1_23. © Springer Nature Switzerland AG 2020.

Collections

Computing and Mathematical Sciences Papers [1455]