Department of Computer Science, University of Idaho, Moscow, ID 83843, USA.
Department of Computer Science, Najran University, Najran 61441, Saudi Arabia.
Sensors (Basel). 2022 Feb 25;22(5):1837. doi: 10.3390/s22051837.
Recently, ransomware attacks have been among the major threats that target a wide range of Internet and mobile users throughout the world, especially critical cyber physical systems. Due to its unique characteristics, ransomware has attracted the attention of security professionals and researchers toward achieving safer and higher assurance systems that can effectively detect and prevent such attacks. The state-of-the-art crypto ransomware early detection models rely on specific data acquired during the runtime of an attack's lifecycle. However, the evasive mechanisms that these attacks employ to avoid detection often nullify the solutions that are currently in place. More effort is needed to keep up with an attacks' momentum to take the current security defenses to the next level. This survey is devoted to exploring and analyzing the state-of-the-art in ransomware attack detection toward facilitating the research community that endeavors to disrupt this very critical and escalating ransomware problem. The focus is on crypto ransomware as the most prevalent, destructive, and challenging variation. The approaches and open issues pertaining to ransomware detection modeling are reviewed to establish recommendations for future research directions and scope.
最近,勒索软件攻击是针对全球范围内的广大互联网和移动用户,尤其是关键的网络物理系统的主要威胁之一。由于其独特的特点,勒索软件已经引起了安全专业人员和研究人员的关注,他们希望开发更安全、更有保障的系统,能够有效检测和预防此类攻击。最先进的加密勒索软件早期检测模型依赖于在攻击生命周期的运行时获取的特定数据。然而,这些攻击采用的逃避检测的机制往往会使当前的解决方案失效。需要付出更多的努力来跟上攻击的势头,将当前的安全防御提升到一个新的水平。本调查致力于探索和分析勒索软件攻击检测的最新技术,为努力解决这一非常关键和不断升级的勒索软件问题的研究界提供便利。重点是加密勒索软件,因为它是最普遍、最具破坏性和最具挑战性的变种。审查了与勒索软件检测建模相关的方法和未解决的问题,以为未来的研究方向和范围建立建议。
