Using Software-Defined Networking for Ransomware Mitigation: The Case of CryptoWall

Krzysztof Cabaj, Wojciech Mazurczyk

Abstract

Currently, different forms of ransomware are increasingly threatening Internet users. Modern ransomware encrypts important user data, and it is only possible to recover it once a ransom has been paid. In this article we show how software-defined networking can be utilized to improve ransomware mitigation. In more detail, we analyze the behavior of popular ransomware — CryptoWall — and, based on this knowledge, propose two real-time mitigation methods. Then we describe the design of an SDN-based system, implemented using OpenFlow, that facilitates a timely reaction to this threat, and is a crucial factor in the case of crypto ransomware. What is important is that such a design does not significantly affect overall network performance. Experimental results confirm that the proposed approach is feasible and efficient.
Authors:
- Krzysztof Cabaj (II), The Institute of Computer Science
- Wojciech Mazurczyk (IT), The Institute of Telecommunications
Journal series: IEEE Network, ISSN 0890-8044
Issue year: 2016
Vol: 30
No: 6
Pages: 14-20
Publication size in sheets: 0.5
Keywords in English: Servers, Encryption, Public key, Malware, IP networks, Internet, Forensics, Surveillance, Network security
DOI: 10.1109/MNET.2016.1600110NM
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7764294
Project: The Development of Digital Communications. Project leader: Siuzdak Jerzy, Phone: +48 22 234-7232, start date 27-04-2015, end date 31-12-2016, IT/2015/statut, Completed
WEiTI Statutory activity
Language: en (English)
File: 07764294.pdf, 222.22 KB (file archived)
Score (nominal): 45
Score: Ministerial score = 45.0, 27-03-2017, ArticleFromJournal
Ministerial score (2013-2016) = 45.0, 27-03-2017, ArticleFromJournal
Publication indicators: WoS Impact Factor: 2016 = 7.23 (2) - 2016 = 6.41 (5)
Citation count*: 16 (2018-02-15)

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.