An Adaptive Security Architecture for Detecting Ransomware Attack Using Open Source Software
Version: 1
Uploaded by: Administrator
Date Uploaded: 26 November 2022
Ransomware is a serious security threat faced by organizations and individuals today, and ransomware attacks are on the increase. There is no infallible solution for protecting against ransomware, as the malware code uses metamorphic and polymorphic algorithms to generate different versions, thus evading signature detection. Ransomware also uses domain generation algorithms (DGA) to generate new domains for the command and control (C&C) server, constantly exploits new vulnerabilities, and uses various infection vectors. Thus, for an organization to protect itself, an adaptive security architecture is required to constantly monitor the network so as to detect a new ransomware infection at an early stage, such that it can be blocked before encryption of files occurs. This is a defence-in-depth approach which supplements network defences such as patch management, anti-virus software, intrusion detection, firewalls, and content filtering. A framework for the implementation of the adaptive security architecture model using open source software is presented, and the proposed framework is tested against the WannaCry and Petya ransomware. The proposed framework was able to alert on the ransomware attacks and, by the use of the AppLocker feature on Windows, it was even possible to prevent the Petya ransomware from executing on the victim host.
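The abstract points at DGA-generated C&C domains as one of the signals a network monitor can pick up before encryption starts. The following is an added illustration of that idea, not code from the paper or its framework: a small lexical scorer for DNS query names (label length, character entropy, vowel ratio, digit ratio) run over a few constructed DNS log lines. The log format, the thresholds and the sample domains are all assumptions chosen for the example; a real deployment would tune them against the organization's own baseline and a public suffix list.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (hypothetical format: "<timestamp> <client_ip> <qname>").
# The algorithmically-looking names are made up for the example, not real indicators.
SAMPLE_DNS_LOG = """\
2022-11-26T10:00:01Z 10.0.0.5 www.example.com
2022-11-26T10:00:02Z 10.0.0.5 updates.microsoft.com
2022-11-26T10:00:03Z 10.0.0.7 xk3qzr7wvbp2mdhl9.com
2022-11-26T10:00:04Z 10.0.0.7 qmzxvlpwrtkjhgbn.net
2022-11-26T10:00:05Z 10.0.0.9 mail.google.com
2022-11-26T10:00:06Z 10.0.0.7 hjdkslqpzmxnbvcw.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Second-level label of a query name (assumption: last label is the TLD;
    a production detector would consult the public suffix list instead)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_features(label):
    """Lexical features that tend to separate human-chosen from generated labels."""
    vowels = sum(ch in "aeiou" for ch in label)
    letters = sum(ch.isalpha() for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / letters if letters else 0.0,
        "digit_ratio": digits / len(label) if label else 0.0,
    }


def dga_score(label):
    """Count how many DGA-like traits a label shows (0-4). Thresholds are assumptions."""
    f = dga_features(label)
    score = 0
    if f["length"] >= 12:
        score += 1
    if f["entropy"] >= 3.5:
        score += 1
    if f["vowel_ratio"] < 0.25:
        score += 1
    if f["digit_ratio"] > 0.2:
        score += 1
    return score


def find_suspicious_queries(log_text, threshold=2):
    """Return one alert dict per log line whose registrable label scores >= threshold."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole batch
        ts, client, qname = m.groups()
        score = dga_score(registrable_label(qname))
        if score >= threshold:
            alerts.append({"ts": ts, "client": client, "qname": qname, "score": score})
    return alerts


def clients_by_alert_count(alerts):
    """Aggregate alerts per source host: a burst from one host is the early-stage signal."""
    return Counter(a["client"] for a in alerts)


if __name__ == "__main__":
    found = find_suspicious_queries(SAMPLE_DNS_LOG)
    for a in found:
        print(f"{a['ts']} {a['client']} {a['qname']} score={a['score']}")
    print("per-host alert counts:", dict(clients_by_alert_count(found)))
```

The per-host aggregation is the part worth keeping even if the lexical heuristics are replaced: a single odd-looking name is noise, but one host issuing several such lookups in a short window is the kind of event that the monitoring layer described in the abstract would raise before any file on that host is touched.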