
A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook

Overview
Journal: Sensors (Basel)
Publisher: MDPI
Specialty: Biotechnology
Date: 2022 Mar 10
PMID: 35270983
Abstract

Recently, ransomware attacks have been among the major threats that target a wide range of Internet and mobile users throughout the world, especially critical cyber-physical systems. Due to its unique characteristics, ransomware has attracted the attention of security professionals and researchers toward achieving safer and higher assurance systems that can effectively detect and prevent such attacks. The state-of-the-art crypto ransomware early detection models rely on specific data acquired during the runtime of an attack's lifecycle. However, the evasive mechanisms that these attacks employ to avoid detection often nullify the solutions that are currently in place. More effort is needed to keep up with the attacks' momentum and take the current security defenses to the next level. This survey is devoted to exploring and analyzing the state of the art in ransomware attack detection toward facilitating the research community that endeavors to disrupt this very critical and escalating ransomware problem. The focus is on crypto ransomware as the most prevalent, destructive, and challenging variation. The approaches and open issues pertaining to ransomware detection modeling are reviewed to establish recommendations for future research directions and scope.

Citing Articles

Optimizing cryptographic protocols against side channel attacks using WGAN-GP and genetic algorithms.

Singh P, Pranav P, Dutta S. Sci Rep. 2025; 15(1):2130.

PMID: 39820786 PMC: 11739502. DOI: 10.1038/s41598-025-86118-4.


Revolutionizing SIEM Security: An Innovative Correlation Engine Design for Multi-Layered Attack Detection.

Sheeraz M, Durad M, Paracha M, Mohsin S, Kazmi S, Maple C. Sensors (Basel). 2024; 24(15).

PMID: 39123948 PMC: 11314677. DOI: 10.3390/s24154901.


MIFS: A Normalized Hyperbolic Ransomware Deterrence Model Yielding Greater Accuracy and Overall Performance.

Alqahtani A, Sheldon F. Sensors (Basel). 2024; 24(6).

PMID: 38543991 PMC: 10975394. DOI: 10.3390/s24061728.


Entropy Sharing in Ransomware: Bypassing Entropy-Based Detection of Cryptographic Operations.

Bang J, Kim J, Lee S. Sensors (Basel). 2024; 24(5).

PMID: 38474982 PMC: 10934942. DOI: 10.3390/s24051446.


Plant and Salamander Inspired Network Attack Detection and Data Recovery Model.

Sharma R, Issac B, Xin Q, Gadekallu T, Nath K. Sensors (Basel). 2023; 23(12).

PMID: 37420729 PMC: 10302505. DOI: 10.3390/s23125562.

