Using Software-Defined Networking for Ransomware Mitigation: The Case of CryptoWall
Krzysztof Cabaj, Wojciech Mazurczyk
Abstract: Currently, different forms of ransomware are increasingly threatening Internet users. Modern ransomware encrypts important user data, and it is only possible to recover it once a ransom has been paid. In this article we show how software-defined networking can be utilized to improve ransomware mitigation. In more detail, we analyze the behavior of popular ransomware — CryptoWall — and, based on this knowledge, propose two real-time mitigation methods. Then we describe the design of an SDN-based system, implemented using OpenFlow, that facilitates a timely reaction to this threat, and is a crucial factor in the case of crypto ransomware. What is important is that such a design does not significantly affect overall network performance. Experimental results confirm that the proposed approach is feasible and efficient.
|Journal series||IEEE Network, ISSN 0890-8044|
|Publication size in sheets||0.5|
|Keywords in English||Servers, Encryption, Public key, Malware, IP networks, Internet, Forensics, Surveillance, Network security|
|Project||The Development of Digital Communications. Project leader: Siuzdak Jerzy, Phone: +48 22 234-7232, start date 27-04-2015, end date 31-12-2016, IT/2015/statut, Completed|
|Score|| = 45.0, 27-03-2017, ArticleFromJournal|
|Publication indicators||: 2016 = 7.23 (2) - 2016=6.41 (5)|
|Citation count*||16 (2018-02-15)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.