Abstract
Modern-day ransomware families implement sophisticated encryption and propagation schemes, reducing the chances of recovering the data to almost zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threats. We present our ransomware analysis results and the SDN-based security framework we developed. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts in real time by adding flow table entries to OpenFlow switches. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism is in all cases able to promptly detect the infected machines and prevent WannaCry from spreading.
Field | Value
---|---
Original language | English
Pages (from-to) | 111-121
Number of pages | 11
Journal | Computers & Electrical Engineering
Volume | 76
Issue number | June 2019
Early online date | 21 Mar 2019
DOIs | 
Publication status | Published - Jun 2019
Bibliographical note
© 2019 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher's self-archiving policy.

Keywords
- WannaCry
- Ransomware
- Software-defined networking
- OpenFlow
- Malware analysis