Open Repository for the Evaluation of Ransomware Detection Tools
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or durin...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2020-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9050526/ |
| id |
doaj-505dba8e519f4f9b9c1d52db44e7a347 |
|---|---|
| record_format |
Article |
| spelling |
doaj-505dba8e519f4f9b9c1d52db44e7a3472021-03-30T01:36:16ZengIEEEIEEE Access2169-35362020-01-018656586566910.1109/ACCESS.2020.29841879050526Open Repository for the Evaluation of Ransomware Detection ToolsEduardo Berrueta0https://orcid.org/0000-0002-0076-4479Daniel Morato1https://orcid.org/0000-0002-0831-4042Eduardo Magana2Mikel Izal3https://orcid.org/0000-0002-2770-912XDepartment of Electrical, Electronic and Communications Engineering, Public University of Navarre at Arrosadia Campus, Pamplona, SpainInstitute of Smart Cities, Pamplona, SpainDepartment of Electrical, Electronic and Communications Engineering, Public University of Navarre at Arrosadia Campus, Pamplona, SpainDepartment of Electrical, Electronic and Communications Engineering, Public University of Navarre at Arrosadia Campus, Pamplona, SpainCrypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation of these proposals has always been accomplished using sets of ransomware samples that are prepared locally for the research article, without making the data available. Different studies use different sets of samples and different evaluation metrics, resulting in insufficient comparability. In this paper, we describe a public data repository containing the file access operations of more than 70 ransomware samples during the encryption of a large network shared directory. These data have already been used successfully in the evaluation of a network-based ransomware detection algorithm. Now, we are making these data available to the community and describing their details, how they were captured, and how they can be used in the evaluation and comparison of the results of most ransomware detection techniques.https://ieeexplore.ieee.org/document/9050526/Ransomwareopen repositorytraffic analysis |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Eduardo Berrueta Daniel Morato Eduardo Magana Mikel Izal |
| spellingShingle |
Eduardo Berrueta Daniel Morato Eduardo Magana Mikel Izal Open Repository for the Evaluation of Ransomware Detection Tools IEEE Access Ransomware open repository traffic analysis |
| author_facet |
Eduardo Berrueta Daniel Morato Eduardo Magana Mikel Izal |
| author_sort |
Eduardo Berrueta |
| title |
Open Repository for the Evaluation of Ransomware Detection Tools |
| title_short |
Open Repository for the Evaluation of Ransomware Detection Tools |
| title_full |
Open Repository for the Evaluation of Ransomware Detection Tools |
| title_fullStr |
Open Repository for the Evaluation of Ransomware Detection Tools |
| title_full_unstemmed |
Open Repository for the Evaluation of Ransomware Detection Tools |
| title_sort |
open repository for the evaluation of ransomware detection tools |
| publisher |
IEEE |
| series |
IEEE Access |
| issn |
2169-3536 |
| publishDate |
2020-01-01 |
| description |
Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation of these proposals has always been accomplished using sets of ransomware samples that are prepared locally for the research article, without making the data available. Different studies use different sets of samples and different evaluation metrics, resulting in insufficient comparability. In this paper, we describe a public data repository containing the file access operations of more than 70 ransomware samples during the encryption of a large network shared directory. These data have already been used successfully in the evaluation of a network-based ransomware detection algorithm. Now, we are making these data available to the community and describing their details, how they were captured, and how they can be used in the evaluation and comparison of the results of most ransomware detection techniques. |
| topic |
Ransomware open repository traffic analysis |
| url |
https://ieeexplore.ieee.org/document/9050526/ |
| work_keys_str_mv |
AT eduardoberrueta openrepositoryfortheevaluationofransomwaredetectiontools AT danielmorato openrepositoryfortheevaluationofransomwaredetectiontools AT eduardomagana openrepositoryfortheevaluationofransomwaredetectiontools AT mikelizal openrepositoryfortheevaluationofransomwaredetectiontools |
| _version_ |
1724186777777864704 |