Utilizing Cyber Threat Hunting Techniques to Find Ransomware Attacks: A Survey of the State of the Art

Bibliographic Details
Published in: IEEE Access, 2022, Vol. 10, p. 61695-61706
Main Authors: Aldauiji, Fatimah, Batarfi, Omar, Bayousef, Manal
Format: Article
Language: English
Description
Summary: Ransomware is one of the most harmful types of cyber attacks that cause major concerns on a global scale. It makes the victims' resources unusable by encrypting data or locking systems to extort ransom payments. Ransomware has variant families that continue to evolve. Moreover, cybercriminals use advanced techniques to develop ransomware, making it harder for anti-malware detection systems to detect them. Ransomware solutions need the capabilities of timely and effective detection and response to discover uncommon behavior before losing sensitive data. Cyber threat hunting (CTH) is a novel proactive malware detection approach that includes cyber threat intelligence (CTI) methods and data analysis methods. However, most present CTH solutions depend on internal data sources and reactive techniques to detect unusual activities. An effective CTI technique is required to obtain knowledge from external data sources and combine it with internal sources to enhance the hunting capabilities. Then, using the optimal data analysis technique is needed for the CTH approach to obtain valuable insights into abnormal patterns in running activities in the early stages. In this study, we investigate using a practical CTI approach and different CTH models. Subsequently, we discussed ransomware research directions to detect known and unknown ransomware attacks. Also, we discussed the available ransomware datasets used in present ransomware studies.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2022.3181278