Detection of Ransomware Which Is a Malware That Continues to Cause Significant Data Damage and Financial Losses

Research Goal

The goal of this research is to assess the success of the new ransomware detection of ransomware which is a malware that continues to cause significant data damage and financial losses to many organizations. The article addresses how UNVEIL which is a new dynamic analysis system detects ransomware by assessing its success and significance to the fight against malware. The article creates knowledge of how UNVEIL works and also gives feedback on the success of the automatic ransomware detection software which will play a significant role in the fight against malware (Kharraz et al., 2016). The article gives information on why potential targets of ransomware should choose UNVEIL to protect their systems from malware invasion and backs the success factors of the new system with results from experiments.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Contribution

The author seeks to provide a solution to the growing menace of ransomware which has become a significant threat to information security. The UNVEIL security assessment software is a new approach that offers individuals and organizations greater preparation to counter ransomware attacks which are used by cybercriminals to extort information owners financially through blackmail (Kharraz et al., 2016). Although ransomware attacks were first reported in the 1980s according to the author, apart from UNVEIL no other program has been developed before for proactive protection against ransomware. Ransomware operates by accessing and tampering with files and the desktop and the new dynamic program according to the author maintain automated surveillance to establish any behavior that resembles that of ransomware and inform the user (Kharraz et al., 2016). Therefore, this article creates the functionality of UNVEIL as an information security program and also shows the success margin of the program through experimentation using real-world situations and malware samples.

Methodology

Experimental Research

The article uses experimental research to present the capabilities of UNVEIL ransomware detection automatic system. An experimental research design refers to research where manipulation and testing is using a simulated environment to understand how ransomware affects users and how UNVEIL can be implemented to protect a computer system from malware. In this methodology, the introduction of UNVEIL and a control case using AV scanners where the detection system is not in place are used to assess the effectivity of UNVEIL in revealing malware as well as modeling how they work (Kharraz et al., 2016). In the experimental method used there are a learning phase and a testing phase which seek to increase the existing knowledge about malware and the functionality of UNVEIL.

In one experiment, the authors use a long-term experimental study that involves 148,223 malware samples, and the experimental result shows that UNVEIL can detect correctly 13m 637 ransomware from different families using real-time data and conditions (Kharraz et al., 2016). The experiment shows that no false positives were identified during the experiment which signifies the success of UNVEIL. AV scanners were used in the parallel experiment to assess its response to ransomware and unlike UNVEIL the other scanner did not detect ransomware (Kharraz et al., 2016). Two experiments were carried out with the aim of increasing the validity of the final results and ensuring that UNVEIL was effective in detecting ransomware from a pool of malware without any defection because accuracy plays a significant role in data security and there is no room for second guessing regarding the security defense system.

Results

After the two experiments, the results indicate that UNVEIL is a practical approach to tackling ransomware and can help to create relieve to the many organizations that have suffered in the hands of cyber attackers using ransomware. The UNVEIL detection rate is 9.2% of the data set as containing ransomware in the file locker and the desktop locker. The detection of the results was used done manually to check for false positives by assessing the structural similarity and using the OCR technique which resulted in the correct report of 4,936 samples through a ransom note and it was based on the I/O reports and activities and there were no false positives identified in the experiments (Kharraz et al., 2016). In terms of false negatives, the author was faced by the challenge of checking manually and instead an approximation was done. By assessing the dissimilarity score of the desktop locker the author found 377 samples of locker ransomware that UNVEIL was not able to identify (Kharraz et al., 2016). The experiment concluded that UNVEIL was able to detect different ransomware attacks and the false positives rate was zero (Kharraz et al., 2016). UNVEIL success in malware identification is unrivaled due to the high recognition of ransomware compared to other malware detection software that was used to check against (Kharraz et al., 2016). The results were practical and the only challenge observed was the fact that malware authors can change their defensive advances continuously and adapt their attacks. But the cost of adapting to changes made it difficult for ransomware authors to adapt to changes.

Validation

There is validity of UNVEIL in ransomware detection due to the program high success rate and zero false positives. The percentage of rightly identifying ransomware was high even after repeatedly assessing the malware (Kharraz et al., 2016). The author uses two experiment to evaluate UNVEIL success which further indicates a high success rate and full proof of the program to be able to identify ransomware. The comparison of other programs such as AV scanners to compare with UNVEIL indicates that there is a high validity of UNVEIL in ransomware detection. Multiple submissions showed no changes or variations in the results which indicate a high validity compared to other ransomware trackers that were not able to detect 72.3% of the ransomware that UNVEIL correctly identified (Kharraz et al., 2016). Further, there is validity in UNVEIL use because the program is able to detect any new families of ransomware which is key in computer security and fighting future introduced ransomware. Lastly, the validity of UNVEIL is based on the experimental testing which has provided real-time results from the real-time experimentation of unknown and known malware where UNVEIL can correctly detect and identify the ransomware.

Critique

Artificial Situations that do not Represent Real-Life Situations

In the research, the authors do not identify the role of variation in experimental and real-life cyber situations causing validity in UNVEIL results. In the experimentation study, the situation and variables are highly controlled but this does not create fully realistic life situations. As such, ransomware authors can manipulate different real-life situations and become even more sophisticated and the current research does not identify the impact of such a scenario. The differences in real life and experimental situations can lead to extraneous variability in the research which is a limitation because it affects the research validity (Gaines et al., 2007). As such, the gap between real life situations and the experimental situation can be overcome through random assignment of malware to increase the representation of real life ransomware environment (Gaines et al., 2007). Random assignment of malware in the experiment can ensure that the sample malware used in the research identify with the malware that is currently being used by cyber attackers. The lower the difference between the real-life situation and the experimental situation the more significant the validity of the experiment to assess UNVEIL effectivity in detecting ransomware.

Personal Opinion on the Article Contribution

Personally, the article is a significant achievement towards demystifying the chaos caused by ransomware and ransomware attackers. UNVEIL increases information security by making it possible for people to identify different ransomware by manipulating the text goal that is used by cyber attackers to corrupt data. UNVEIL can be used to guard against ransomware by identifying ransomware in time before they can infiltrate personal information files.

References

Gaines, B. J., Kuklinski, J. H., & Quirk, P. J. (2007). The logic of the survey experiment reexamined. Political Analysis, 15(1), 1-20.

Kharraz, A., Arshad, S., Mulliner, C., Robertson, W. K., & Kirda, E. (2016, August). UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757-772).