Ransomware Detection through Device and Network Behavior Monitoring

Ransomware is malicious software that, after infecting a target device, prevents the device owner from effectively using the device's resources until the ransomware operator's demands are met, usually by paying a ransom, typically in cryptocurrency.
Despite the growing number of ransomware infections, their increasing sophistication, and their significant financial and operational impact, available defensive mechanisms are still embryonic. Most existing approaches are signature-based and, as such, struggle with the evolving nature of ransomware, of which over 160 different strains have currently been identified.
Furthermore, existing approaches are overwhelmingly host-based. This is because it is very challenging to identify distinctive characteristics of ransomware activity from network traffic. However, such characteristics do exist and can be valuable in early detection of ransomware, or of ongoing ransomware activities. TO BE CONT'D

Paulo Quinan
Asem Ghaleb
Faculty Supervisor: Issa Traore
British Columbia
Partner University: