Akbanov, Maxat, Vasilakis, Vasileios orcid.org/0000-0003-4902-8226 and Logothetis, Michael (2019) Ransomware detection and mitigation using software-defined networking: the case of WannaCry. Computers & Electrical Engineering. pp. 111-121. ISSN 0045-7906
Abstract
Modern-day ransomware families implement sophisticated encryption and propagation schemes, thus limiting the chances of recovering the data almost to zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threats. We present our ransomware analysis results and our developed SDN-based security framework. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts by adding flow table entries into OpenFlow switches in real time. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism is able in all cases to promptly detect the infected machines and prevent WannaCry from spreading.
Metadata
| Item Type: | Article |
|---|---|
| Authors/Creators: | |
| Copyright, Publisher and Additional Information: | © 2019 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy. |
| Keywords: | WannaCry, Ransomware, Software-defined networking, OpenFlow, Malware analysis |
| Dates: | |
| Institution: | The University of York |
| Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
| Depositing User: | Pure (York) |
| Date Deposited: | 27 Mar 2019 16:40 |
| Last Modified: | 02 Apr 2025 23:15 |
| Published Version: | https://doi.org/10.1016/j.compeleceng.2019.03.012 |
| Status: | Published |
| Refereed: | Yes |
| Identification Number: | 10.1016/j.compeleceng.2019.03.012 |
| Related URLs: | |
| Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:144194 |
Download
Filename: WannaCry_SDN_Akbanov_et_al.pdf
Description: WannaCry_SDN_Akbanov_et_al
Licence: CC-BY-NC-ND 2.5