FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4312101577> ?p ?o ?g. }

• W4312101577 abstract "Since 2015, the attacks targeting enterprises' and users' data have gained importance due to the value this data has for both. This kind of attacks is called 'crypto-ransomware' and it encrypts the data stored in the local machine or in servers, asking for a payment to recover it. The aim of this thesis is to detect this kind of attacks. We have collected and analysed more than 90 different ransomware variants in order to learn the common behaviour patterns for being able to detect them. Enterprises are more affected by these attacks, comparing to home users. Usually an attack to an enterprise has a high economic cost due to the high value the information has and the necessity of stopping its activity until recovering it. Therefore, in a common enterprises' network there usually are servers that store all the data making it accessible for all users in the network. A single user infected by ransomware could encrypt all data stored in these servers, causing high information loss and economic damage. In this work we focus on this king of scenarios, in which the information is stored in servers and accessible by the users. For the firrst detection tool developed in this thesis, we captured the network traffic between the users and the shared server. We found common traffic patterns that were not present in a normal user traffic capture and we used them for detecting the attack. Specifically, we used the read, write and delete operations that ransomware must perform for distinguish their traffic from users'. The tool, that must decode the network protocol, achieved a 100% detection rate in all studied binaries with a false positive rate low (1 in 15 days of 300 users' traffic). However, the main limitation is that the tool is not effective in scenarios with encrypted file-sharing protocols, which is usual in actual modern versions. Other version of the tool is developed in oder to overcome this limitation, basing the detection in traffic patterns instead of in the operations performed by the users. We have compared diffeerent machine learning models in order to find the one that best fits our scenario. Once selected, we have analysed its evolution chronologically emulating real implementation in which the model is updated when new ransomware sample appears. We have updated the model with samples appeared from 2015 to 2021 and the detection efficiency improves training it with every new sample. The traffic traces used in this study have been shared in a public repository, availables for other researchers. There are also available the ransomwares' operation sequences performed on the server stored files." @default.
• W4312101577 created "2023-01-04" @default.
• W4312101577 creator A5031508493 @default.
• W4312101577 creator A5084542243 @default.
• W4312101577 date "2022-12-23" @default.
• W4312101577 modified "2023-09-27" @default.
• W4312101577 title "Desarrollo y análisis de modelos de detección de crypto-ransomware en base a tráfico de compartición de ficheros" @default.
• W4312101577 doi "https://doi.org/10.48035/tesis/2454/44479" @default.
• W4312101577 hasPublicationYear "2022" @default.
• W4312101577 type Work @default.
• W4312101577 citedByCount "0" @default.
• W4312101577 crossrefType "dissertation" @default.
• W4312101577 hasAuthorship W4312101577A5031508493 @default.
• W4312101577 hasAuthorship W4312101577A5084542243 @default.
• W4312101577 hasBestOaLocation W43121015771 @default.
• W4312101577 hasConcept C120665830 @default.
• W4312101577 hasConcept C121332964 @default.
• W4312101577 hasConcept C136764020 @default.
• W4312101577 hasConcept C145097563 @default.
• W4312101577 hasConcept C148730421 @default.
• W4312101577 hasConcept C192209626 @default.
• W4312101577 hasConcept C2777667771 @default.
• W4312101577 hasConcept C31258907 @default.
• W4312101577 hasConcept C38652104 @default.
• W4312101577 hasConcept C41008148 @default.
• W4312101577 hasConcept C541664917 @default.
• W4312101577 hasConcept C93996380 @default.
• W4312101577 hasConceptScore W4312101577C120665830 @default.
• W4312101577 hasConceptScore W4312101577C121332964 @default.
• W4312101577 hasConceptScore W4312101577C136764020 @default.
• W4312101577 hasConceptScore W4312101577C145097563 @default.
• W4312101577 hasConceptScore W4312101577C148730421 @default.
• W4312101577 hasConceptScore W4312101577C192209626 @default.
• W4312101577 hasConceptScore W4312101577C2777667771 @default.
• W4312101577 hasConceptScore W4312101577C31258907 @default.
• W4312101577 hasConceptScore W4312101577C38652104 @default.
• W4312101577 hasConceptScore W4312101577C41008148 @default.
• W4312101577 hasConceptScore W4312101577C541664917 @default.
• W4312101577 hasConceptScore W4312101577C93996380 @default.
• W4312101577 hasLocation W43121015771 @default.
• W4312101577 hasOpenAccess W4312101577 @default.
• W4312101577 hasPrimaryLocation W43121015771 @default.
• W4312101577 hasRelatedWork W2130966263 @default.
• W4312101577 hasRelatedWork W2362737126 @default.
• W4312101577 hasRelatedWork W2892886244 @default.
• W4312101577 hasRelatedWork W2907086310 @default.
• W4312101577 hasRelatedWork W2962911305 @default.
• W4312101577 hasRelatedWork W3076507384 @default.
• W4312101577 hasRelatedWork W3114032950 @default.
• W4312101577 hasRelatedWork W3210247275 @default.
• W4312101577 hasRelatedWork W4224941017 @default.
• W4312101577 hasRelatedWork W4361733095 @default.
• W4312101577 isParatext "false" @default.
• W4312101577 isRetracted "false" @default.
• W4312101577 workType "dissertation" @default.