Authors: Nicolas Bailluet (1); Hélène Le Bouder (2) and David Lubicz (3)

Affiliations: (1) ENS Rennes, France; (2) OCIF IMT Atlantique Campus Rennes, France; (3) DGA MI, Bruz, France

Keyword(s): Ransomware, Detection, Malware, Markov Chain, File Header.

Abstract: In this paper, a new approach for the detection of ransomware based on the runtime analysis of their behaviour is presented. The main idea is to get samples by using a mini-filter to intercept write requests, then decide if a sample corresponds to a benign or a malicious write request. To do so, in a learning phase, statistical models of structured file headers are built using Markov chains. Then in a detection phase, a maximum likelihood test is used to decide if a sample provided by a write request is normal or malicious. We introduce new statistical distances between two Markov chains, which are variants of the Kullback-Leibler divergence, which measure the efficiency of a maximum likelihood test to distinguish between two distributions given by Markov chains. This distance and extensive experiments are used to demonstrate the relevance of our method.
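
The learning and detection phases described in the abstract, sketched as an added example (not the authors' code). The abstract does not give the model details, so the first-order chain, the additive smoothing, the uniform byte distribution standing in for ciphertext, the threshold of 0 and the PDF-like sample headers are all assumptions made here.

```python
import math

ALPHABET = 256  # one state per byte value


def train(headers, alpha=0.5):
    """Learning phase: fit a first-order Markov chain over header bytes.

    Returns (initial, transition) tables of log-probabilities. Additive
    smoothing (alpha) keeps unseen transitions from having probability zero.
    """
    init = [alpha] * ALPHABET
    trans = [[alpha] * ALPHABET for _ in range(ALPHABET)]
    for h in headers:
        init[h[0]] += 1
        for a, b in zip(h, h[1:]):
            trans[a][b] += 1

    def log_norm(row):
        total = sum(row)
        return [math.log(c / total) for c in row]

    return log_norm(init), [log_norm(r) for r in trans]


def log_likelihood(model, sample):
    """Log-probability of the sample under the benign header model."""
    if not sample:
        raise ValueError("empty write sample")
    init, trans = model
    return init[sample[0]] + sum(trans[a][b] for a, b in zip(sample, sample[1:]))


def llr(model, sample):
    """Log-likelihood ratio: benign header model vs. independent uniform bytes."""
    return log_likelihood(model, sample) + len(sample) * math.log(ALPHABET)


def is_malicious(model, sample, threshold=0.0):
    """Detection phase: flag the write if the uniform model explains it better."""
    return llr(model, sample) <= threshold


# Constructed training headers (PDF-like), not data from the paper.
TRAINING = [b"%PDF-1." + str(v).encode() + b"\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<<"
            for v in (3, 4, 6, 7)]
MODEL = train(TRAINING)

# Constructed write samples: an unseen header version, and bytes with no
# header structure standing in for the start of an encrypted file.
BENIGN_WRITE = b"%PDF-1.5\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<<"
NO_STRUCTURE = bytes((167 * i + 13) % 256 for i in range(25))
```

The sign of `llr` is what the maximum likelihood test decides on; moving `threshold` away from 0 trades false alarms on unusual but legitimate headers against missed encrypted writes.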

CC BY-NC-ND 4.0

Paper citation in several formats:
Bailluet, N.; Bouder, H. and Lubicz, D. (2021). Ransomware Detection using Markov Chain Models over File Headers. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 403-411. DOI: 10.5220/0010513104030411

@conference{secrypt21,
author={Nicolas Bailluet and Hélène Le Bouder and David Lubicz},
title={Ransomware Detection using Markov Chain Models over File Headers},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={403-411},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010513104030411},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Ransomware Detection using Markov Chain Models over File Headers
SN - 978-989-758-524-1
IS - 2184-7711
AU - Bailluet, N.
AU - Bouder, H.
AU - Lubicz, D.
PY - 2021
SP - 403
EP - 411
DO - 10.5220/0010513104030411
PB - SciTePress