
Ransomware detection and mitigation using software-defined networking: the case of WannaCry

Research output: Contribution to journal › Article

Standard

Ransomware detection and mitigation using software-defined networking : the case of WannaCry. / Akbanov, Maxat; Vasilakis, Vasileios; Logothetis, Michael.

In: Computers & Electrical Engineering, Vol. 76, No. June 2019, 06.2019, p. 111-121.


Harvard

Akbanov, M, Vasilakis, V & Logothetis, M 2019, 'Ransomware detection and mitigation using software-defined networking: the case of WannaCry', Computers & Electrical Engineering, vol. 76, no. June 2019, pp. 111-121. https://doi.org/10.1016/j.compeleceng.2019.03.012

APA

Akbanov, M., Vasilakis, V., & Logothetis, M. (2019). Ransomware detection and mitigation using software-defined networking: the case of WannaCry. Computers & Electrical Engineering, 76(June 2019), 111-121. https://doi.org/10.1016/j.compeleceng.2019.03.012

Vancouver

Akbanov M, Vasilakis V, Logothetis M. Ransomware detection and mitigation using software-defined networking: the case of WannaCry. Computers & Electrical Engineering. 2019 Jun;76(June 2019):111-121. https://doi.org/10.1016/j.compeleceng.2019.03.012

Author

Akbanov, Maxat ; Vasilakis, Vasileios ; Logothetis, Michael. / Ransomware detection and mitigation using software-defined networking : the case of WannaCry. In: Computers & Electrical Engineering. 2019 ; Vol. 76, No. June 2019. pp. 111-121.

Bibtex

@article{f7b72a51241d4d49b8917e9ceaf17028,
title = "Ransomware detection and mitigation using software-defined networking: the case of WannaCry",
abstract = "Modern day ransomware families implement sophisticated encryption and propagation schemes, thus limiting chances to recover the data almost to zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threat. We present our ransomware analysis results and our developed SDN-based security framework. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts by adding flow table entries into OpenFlow switches in a real-time manner. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism in all cases is able to promptly detect the infected machines and prevent WannaCry from spreading.",
keywords = "WannaCry, Ransomware, Software-defined networking, OpenFlow, Malware analysis",
author = "Maxat Akbanov and Vasileios Vasilakis and Michael Logothetis",
note = "{\copyright} 2019 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.",
year = "2019",
month = "6",
doi = "10.1016/j.compeleceng.2019.03.012",
language = "English",
volume = "76",
pages = "111--121",
journal = "Computers & Electrical Engineering",
issn = "0045-7906",
publisher = "Elsevier",
number = "June 2019",

}

RIS (suitable for import to EndNote)

TY - JOUR

T1 - Ransomware detection and mitigation using software-defined networking

T2 - Computers & Electrical Engineering

AU - Akbanov, Maxat

AU - Vasilakis, Vasileios

AU - Logothetis, Michael

N1 - © 2019 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.

PY - 2019/6

Y1 - 2019/6

N2 - Modern day ransomware families implement sophisticated encryption and propagation schemes, thus limiting chances to recover the data almost to zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threat. We present our ransomware analysis results and our developed SDN-based security framework. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts by adding flow table entries into OpenFlow switches in a real-time manner. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism in all cases is able to promptly detect the infected machines and prevent WannaCry from spreading.

AB - Modern day ransomware families implement sophisticated encryption and propagation schemes, thus limiting chances to recover the data almost to zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threat. We present our ransomware analysis results and our developed SDN-based security framework. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts by adding flow table entries into OpenFlow switches in a real-time manner. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism in all cases is able to promptly detect the infected machines and prevent WannaCry from spreading.

KW - WannaCry

KW - Ransomware

KW - Software-defined networking

KW - OpenFlow

KW - Malware analysis

UR - https://authors.elsevier.com/a/1YllAAQLrYWZS

U2 - 10.1016/j.compeleceng.2019.03.012

DO - 10.1016/j.compeleceng.2019.03.012

M3 - Article

VL - 76

SP - 111

EP - 121

JO - Computers & Electrical Engineering

JF - Computers & Electrical Engineering

SN - 0045-7906

IS - June 2019

ER -