Ransomware uses encryption to make data inaccessible to its legitimate users. To date, a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these threats multiply, researchers have proposed a range of ransomware detection and classification schemes, most of which apply machine learning techniques to real-world ransomware binaries and the action sequences they produce. This paper surveys this critical space and classifies existing solutions into several categories, namely network-based detection, host-based detection, forensic characterization, and authorship attribution. Key facilities and tools for ransomware analysis are also presented, along with open challenges.
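The following is an added illustration of the host-based category the abstract mentions; it is example code written for this page, not code from the survey or from any system it covers. It implements the simplest classic host-based indicator, a burst of writes that turn low-entropy files into high-entropy ones and rename them to a new extension, attributed per process. The thresholds, the event tuple format, the process names and the file contents are all constructed assumptions, chosen so the example runs offline.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Assumed thresholds for illustration only; a real deployment would tune them per file type.
HIGH_ENTROPY = 7.0        # bits/byte; output of a modern cipher sits near 7.95+ for a few KiB
PLAINTEXT_MAX = 6.0       # text, source and most office documents stay well below this
MIN_FLAGGED_FILES = 3     # alert only when one process produces this many suspicious writes


def write_score(before: bytes, after: bytes, old_path: str, new_path: str) -> int:
    """Score one file write: 2 for a plaintext-to-ciphertext entropy jump, 1 for an extension change."""
    score = 0
    if shannon_entropy(before) < PLAINTEXT_MAX and shannon_entropy(after) >= HIGH_ENTROPY:
        score += 2
    if os.path.splitext(old_path)[1].lower() != os.path.splitext(new_path)[1].lower():
        score += 1
    return score


def ransomware_alerts(events):
    """events: iterable of (process, old_path, new_path, bytes_before, bytes_after).

    Returns {process: [flagged new paths]} for processes that cross MIN_FLAGGED_FILES.
    A single high-entropy rewrite (e.g. an archiver) is flagged but does not alert on its own.
    """
    flagged = defaultdict(list)
    for proc, old_path, new_path, before, after in events:
        if write_score(before, after, old_path, new_path) >= 2:
            flagged[proc].append(new_path)
    return {proc: paths for proc, paths in flagged.items() if len(paths) >= MIN_FLAGGED_FILES}


def pseudo_ciphertext(seed: str, n: int) -> bytes:
    """Deterministic stand-in for encrypted output: a SHA-256 hash chain (constructed test data)."""
    out = bytearray()
    block = seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample write events: a normal editor save, one archiver run, and a
# hypothetical "evil.exe" rewriting four documents into .locked files.
PLAIN = b"Quarterly report: revenue up 4%, costs flat. See appendix A.\n" * 40
SAMPLE_EVENTS = [
    ("winword.exe", "C:/docs/q1.docx", "C:/docs/q1.docx", PLAIN, PLAIN + b"Added a line.\n"),
    ("7z.exe", "C:/docs/backup.txt", "C:/docs/backup.7z", PLAIN, pseudo_ciphertext("zip", 4096)),
] + [
    ("evil.exe", f"C:/docs/file{i}.txt", f"C:/docs/file{i}.txt.locked",
     PLAIN, pseudo_ciphertext(f"key{i}", 4096))
    for i in range(4)
]

if __name__ == "__main__":
    for proc, paths in ransomware_alerts(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(paths)} suspicious writes, e.g. {paths[0]}")
```

The per-process count is what separates the archiver from the ransomware here: compression also produces high-entropy output, so entropy alone is a weak signal, which is one reason the surveyed host-based schemes combine it with API call sequences, rename patterns and decoy files rather than using it in isolation.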