An Empirical Study of Ransomware Vulnerabilities Descriptions

Claudia Lanza; Abdelkader Lahmadi; Fabian Osmond

doi:10.5220/0012378700003648

An Empirical Study of Ransomware Vulnerabilities Descriptions

Claudia Lanza, Abdelkader Lahmadi, Fabian Osmond

2024

Abstract

Cyber threat awareness requires the building of an accurate knowledge and analysis of the vulnerabilities used by the attackers and their respective attack toolkits. Ransomware are today one of the most significant threats faced by information systems and their number continues to grow. They are a type of malware targeting the information system by locking its equipment and users data and claiming a ransom for its release. They have been becoming more and more sophisticated and mainly relying on software vulnerabilities to access and lock the system data. In this paper we have carried out an empirical analysis of the Common Vulnerabilities Enumeration (CVE) exploited by known ransomware using a semantic annotation technique in order to create the condition from which to start to build a knowledge base of ransomware behaving processes. The main focus of this paper is towards the way vulnerabilities are commonly exploited by ransomware, their sharing ratio and the definition of their common causes and impacts. We have built a database, by scrapping multiple publicly available security reports, which associates each known ransomware to its used vulnerability contained in the CVE. We have applied a semantic annotation methodology which encompasses a semantic analysis of the CVE dataset through a pattern recognition process. This latter has enabled the extraction for each CVE of its key features, i.e., the cause, the performed exploit action and effect, as well as its impact. In the resulting collected and extracted knowledge we show a twofold analysis, statistical and semantic, of the CVE descriptions and their extracted features.

Download

Paper Citation

in Harvard Style

Lanza C., Lahmadi A. and Osmond F. (2024). An Empirical Study of Ransomware Vulnerabilities Descriptions. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 146-153. DOI: 10.5220/0012378700003648

in Bibtex Style

@conference{icissp24,
author={Claudia Lanza and Abdelkader Lahmadi and Fabian Osmond},
title={An Empirical Study of Ransomware Vulnerabilities Descriptions},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={146-153},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012378700003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - An Empirical Study of Ransomware Vulnerabilities Descriptions
SN - 978-989-758-683-5
AU - Lanza C.
AU - Lahmadi A.
AU - Osmond F.
PY - 2024
SP - 146
EP - 153
DO - 10.5220/0012378700003648
PB - SciTePress