Automatically Traceback RDP-Based Targeted Ransomware Attacks

While various ransomware defense systems have been proposed to deal with traditional randomly-spread ransomware attacks (based on their unique high-noisy behaviors at hosts and on networks), none of them considered ransomware attacks precisely aiming at specific hosts, e.g., using the common Remote Desktop Protocol (RDP). To address this problem, we propose a systematic method to fight such specifically targeted ransomware by trapping attackers via a network deception environment and then using traceback techniques to identify attack sources. In particular, we developed various monitors in the proposed deception environment to gather traceable clues about attackers, and we further design an analysis system that automatically extracts and analyze the collected clues. Our evaluations show that the proposed method can trap the adversary in the deception environment and significantly improve the efficiency of clue analysis. Furthermore, it also helps us trace back RDP-based ransomware attackers and ransomware makers in the practical applications.

• Publication year

  2018

• Venue

  Wireless Communications and Mobile Computing

• Publication date

  2018-12-06

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1155/2018/7943586
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Deep Learning Based Multi-Channel Intelligent Attack Detection for Data Security

  2020cited by this paper
• Toward a Comprehensive Insight Into the Eclipse Attacks of Tor Hidden Services

  2019cited by this paper
• A Data Leakage Prevention Method Based on the Reduction of Confidential and Context Terms for Smart Mobile Devices

  2018cited by this paper
• Trust architecture and reputation evaluation for internet of things

  2018cited by this paper
• Evolution of ransomware

  2018cited by this paper
• A Privacy Preserving Scheme for Nearest Neighbor Query

  2018influential reference
• Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions

  2018cited by this paper
• A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus

  2018cited by this paper
• RansomTracer: Exploiting Cyber Deception for Ransomware Tracing

  2018influential reference
• A brief study of Wannacry Threat: Ransomware Attack 2017

  2017cited by this paper
• Redemption: Real-Time Protection Against Ransomware at End-Hosts

  2017cited by this paper
• Ransomware and the Legacy Crypto API

  2016cited by this paper
• Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection

  2016cited by this paper
• CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data

  2016cited by this paper
• UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)

  2016cited by this paper
• 2entFOX: A framework for high survivable ransomwares detection

  2016cited by this paper
• Ransomware Steals Your Phone. Formal Methods Rescue It

  2016cited by this paper
• An Efficient Approach to Detect TorrentLocker Ransomware in Computer Systems

  2016cited by this paper
• The Effective Ransomware Prevention Technique Using Process Monitoring on Android Platform

  2016cited by this paper
• Emerging Technology Analysis : Deception Techniques and Technologies Create Security Technology Business Opportunities

  2016cited by this paper
• Connection-monitor & connection-breaker: A novel approach for prevention and detection of high survivable ransomwares

  2015cited by this paper
• HelDroid: Dissecting and Detecting Mobile Ransomware

  2015cited by this paper
• Design of Quantification Model for Prevent of Cryptolocker

  2015cited by this paper
• Automated Detection and Analysis for Android Ransomware

  2015cited by this paper
• Network activity analysis of CryptoWall ransomware

  2015cited by this paper
• Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks

  2015cited by this paper
• langid.py: An Off-the-shelf Language Identification Tool

  2012cited by this paper
• Managing Information Security Risk: Organization, Mission, and Information System View | NIST

  2011influential reference
• Cooperative fuzzy controllers for autonomous voltage regulation in Smart Grids

  2011cited by this paper
• NLTK: The Natural Language Toolkit

  2006cited by this paper

• International Differences in Windows Remote Desktop Hacking: An Analysis of Honeypot Data

  2026cites this paper
• A Hybrid Machine Learning Approach for Ransomware Detection: Integrating Signature and Anomaly-Based Techniques

  2025cites this paper
• THE EVOLUTION AND MITIGATION OF RANSOMWARE: TECHNIQUES, TACTICS AND RESPONSE STRATEGIES

  2025cites this paper
• An investigation of ransomware incidents in the maritime industry: Exploring the key risk factors

  2024cites this paper
• Malware and Type of Cyber Attacks Targeting Healthcare Industry In the current era, technology has evolved into many industries. As the technology gets upgraded from time to time, the vulnerability of hardware and software do still exist and without prope

  2023cites this paper
• Cryptographic ransomware encryption detection: Survey

  2023cites this paper
• Crypto-Ransomware and Their Defenses: In-Depth Behavioral Characterization, Discussion of Deployability, and New Insights

  2023cites this paper
• A Two-Stage Anomaly Detection Method Based on User Preference Features and the Deep Fusion Model

  2023cites this paper
• Challenges to Sustainable Development in China’s Banking Industry: A Structural Equipment Modeling Approach for Fighting Phishing in China

  2023influential citation
• Enlightening the Darknets: Augmenting Darknet Visibility With Active Probes

  2023cites this paper
• OutletGuarder: Detecting DarkSide Ransomware by Power Factor Correction Signals in an Electrical Outlet

  2023cites this paper
• Securing the Industrial Internet of Things against ransomware attacks: A comprehensive analysis of the emerging threat landscape and detection mechanisms

  2023cites this paper
• DECEPTION BASED TECHNIQUES AGAINST RANSOMWARES: A SYSTEMATIC REVIEW

  2023cites this paper
• A systematic literature review on Ransomware attacks

  2022cites this paper
• Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups

  2022cites this paper
• Machine Learning in Automated Detection of Ransomware: Scope, Benefits and Challenges

  2022cites this paper
• Dynamic user-centric access control for detection of ransomware attacks

  2021cites this paper
• Enforcing situation-aware access control to build malware-resilient file systems

  2021cites this paper
• Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions

  2021influential citation
• Mapping approach for multiscale emulation networks in heterogeneous environments

  2020cites this paper
• Stability of Nonlinear Feedback Shift Registers with Periodic Input

  2020cites this paper
• Ransomware Prevention and Mitigation Techniques

  2020cites this paper
• A Malware Detection Method for Health Sensor Data Based on Machine Learning

  2020cites this paper
• Internet of things and ransomware: Evolution, mitigation and prevention

  2020cites this paper
• A method of chained recommendation for charging piles in internet of vehicles

  2020cites this paper
• Vcash: A Novel Reputation Framework for Identifying Denial of Traffic Service in Internet of Connected Vehicles

  2019cites this paper
• An Intrusion Detection Algorithm Based On Feature Graph

  2019cites this paper
• Intelligent Malware Detection Using a Neural Network Ensemble Based on a Hybrid Search Mechanism

  2019cites this paper
• Time series behavior modeling with digital twin for Internet of Vehicles

  2019cites this paper
• DPIF: A Framework for Distinguishing Unintentional Quality Problems From Potential Shilling Attacks

  2019cites this paper
• Bitcoin Node Discovery: Large-Scale Empirical Evaluation of Network Churn

  2019cites this paper
• A Distributed Cryptanalysis Framework Based on Mobile Phones

  2019cites this paper
• A Comparison of Machine Learning Algorithms for Detecting XSS Attacks

  2019cites this paper
• Lightweight Anonymous Geometric Routing for Internet of Things

  2019cites this paper
• Centralized Fusion Based on Interacting Multiple Model and Adaptive Kalman Filter for Target Tracking in Underwater Acoustic Sensor Networks

  2019cites this paper
• Bitcoin Network Size Estimation Based on Coupon Collection Model

  2019cites this paper
• A Novel Device Identification Method Based on Passive Measurement

  2019cites this paper
• A Survey on Situational Awareness of Ransomware Attacks - Detection and Prevention Parameters

  2019cites this paper
• A novel search engine for Internet of Everything based on dynamic prediction

  2019cites this paper
• the Darknets: Augmenting Darknet Visibility with Active Probes

  year unknowncites this paper
• Darknets: Augmenting Darknet Visibility with Active Probes

  year unknowncites this paper