The threat of ransomware to the software ecosystem has become increasingly alarming in recent years, which has raised a demand for large-scale and comprehensive ransomware analysis to help develop more effective countermeasures against unknown attacks. In this paper, we first collect a real-world dataset, consisting of 7,796 active ransomware samples, and analyze their behaviors of disrupting data in victim systems. All samples are executed in isolated testbeds to collect all perspectives of six categories of runtime behaviors such as API calls, I/O accesses, and network traffics, and the volume of total logs is up to 1.98 TiB. By assessing collected behaviors, we present six key findings throughout data reconnaissance, data tampering, and data exfiltration phases of ransomware. Based on our findings, we propose three corresponding mitigation strategies to detect ransomware during each of these phases. Experimental results show that they can enhance the capability of state-of-the-art anti-ransomware tools. We report a preliminary result of a 41%-69% increase in detection rate with no additional false positives, showing that our insights are useful.
Thu 18 AprDisplayed time zone: Lisbon change
14:00 - 15:30 | Security 3Research Track / Journal-first Papers / Software Engineering in Practice at Sophia de Mello Breyner Andresen Chair(s): Akond Rahman Auburn University | ||
14:00 15mTalk | An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives Research Track Hanyang Guo Hong Kong Baptist University; Sun Yat-sen University, Hong-Ning Dai Hong Kong Baptist University, Xiapu Luo The Hong Kong Polytechnic University, Zibin Zheng Sun Yat-sen University, Gengyang Xu Department of Computer Science, Hong Kong Baptist University, Fengliang He Department of Computer Science, Hong Kong Baptist University | ||
14:15 15mTalk | Fairness Improvement with Multiple Protected Attributes: How Far Are We? Research Track Zhenpeng Chen Nanyang Technological University, Jie M. Zhang King's College London, Federica Sarro University College London, Mark Harman Meta Platforms, Inc. and UCL Pre-print | ||
14:30 15mTalk | An Empirical Study of Data Disruption by Ransomware Attacks Research Track Yiwei Hou Tsinghua University, Lihua Guo Tsinghua University, Chijin Zhou Tsinghua University, Yiwen Xu Tsinghua University, Zijing Yin Tsinghua University, Shanshan Li National University of Defense Technology, Chengnian Sun University of Waterloo, Yu Jiang Tsinghua University | ||
14:45 15mTalk | Stop Pulling my Rug: Exposing Rug Pull Risks in Crypto Token to Investors Software Engineering in Practice Yuanhang Zhou Tsinghua University, Jingxuan Sun Beijing University of Posts and Telecommunications, Fuchen Ma Tsinghua University, Yuanliang Chen Tsinghua University, Zhen Yan Tsinghua University, Yu Jiang Tsinghua University | ||
15:00 7mTalk | A Closer Look at the Security Risks in the Rust Ecosystem Journal-first Papers Xiaoye Zheng Zhejiang University, Zhiyuan Wan Zhejiang University, Yun Zhang Hangzhou City University, Rui Chang Zhejiang University, David Lo Singapore Management University | ||
15:07 7mTalk | An Empirical Study of Vulnerabilities in Edge Frameworks to Support Security Testing Improvement Journal-first Papers | ||
15:14 7mTalk | A First Look at On-device Models in iOS Apps Journal-first Papers Han Hu Faculty of Information Technology, Monash University, Yujin Huang Monash University, Qiuyuan Chen Tencent Technology, Terry Yue Zhuo Monash University and CSIRO's Data61, Chunyang Chen Technical University of Munich (TUM) | ||