TechRxiv

Digital Immunity Module: Preventing Unwanted Encryption using Source Coding

preprint
posted on 07.01.2022, 22:26 by Arash Mahboubi, Keyvan Ansari, Seyit Camtepe, Jarek Duda, Paweł Morawiecki, Marcin Pawłowski, Josef Pieprzyk
Unwanted data encryption, such as ransomware attacks, continues to be a significant cybersecurity threat. Ransomware is a preferred weapon of cybercriminals who target small to large organizations' computer systems and data centres. It is malicious software that infects a victim's computer system and encrypts all its valuable data files. The victim needs to pay a ransom, often in cryptocurrency, in return for a decryption key. Many solutions use methods, including the inspection of file signatures, runtime process behaviors, API calls, and network traffic, to detect ransomware code. However, unwanted data encryption is still a top threat. This paper presents the first immunity solution, called the digital immunity module (DIM). DIM focuses on protecting valuable business-related data files from unwanted encryption rather than detecting malicious code or processes. We show that methods such as file entropy and fuzzy hashing can be effectively used to sense unwanted encryption on a protected file, triggering our novel source coding method to paralyze the malicious manipulation of data such as ransomware encryption. Specifically, maliciously encrypted data blocks consume exponentially larger space and longer writing time on the DIM-protected file system. As a result, DIM creates enough time for system/human intervention and forensics analysis. Unlike the existing solutions, DIM protects the data regardless of ransomware families and variants. Additionally, DIM can defend against multiple simultaneously active ransomware strains, including the most recent hard-to-detect and hard-to-stop fileless ones. We tested our solution on 39 ransomware families, including the most recent ransomware attacks. DIM successfully defended our sample file dataset (1335 pdf, jpg, and tiff files) against those ransomware attacks with zero file loss.
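
The abstract names file entropy and fuzzy hashing as the signals that sense unwanted encryption on a protected file. The sketch below is an added example, not the paper's DIM implementation: it combines per-block Shannon entropy with a same-offset block-hash similarity used as a simplified stand-in for fuzzy hashing. The thresholds, block size, function names and sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
import random
from collections import Counter

BLOCK = 4096          # assumed block size
HIGH_ENTROPY = 7.5    # assumed threshold, bits per byte (maximum is 8.0)
MIN_JUMP = 1.0        # assumed minimum rise in mean block entropy
MIN_SIMILARITY = 0.5  # assumed minimum fraction of unchanged blocks

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def mean_block_entropy(data: bytes) -> float:
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return sum(map(shannon_entropy, blocks)) / len(blocks) if blocks else 0.0

def block_similarity(old: bytes, new: bytes) -> float:
    """Fraction of same-offset blocks whose SHA-256 is unchanged.
    Simplified stand-in for a real fuzzy hash; not what the paper uses."""
    def digests(d):
        return [hashlib.sha256(d[i:i + BLOCK]).digest() for i in range(0, len(d), BLOCK)]
    a, b = digests(old), digests(new)
    total = max(len(a), len(b))
    return sum(x == y for x, y in zip(a, b)) / total if total else 1.0

def suspicious_rewrite(old: bytes, new: bytes) -> bool:
    """True when the new content is ciphertext-like AND either entropy jumped
    or the file no longer resembles its previous version."""
    e_old, e_new = mean_block_entropy(old), mean_block_entropy(new)
    if e_new < HIGH_ENTROPY:
        return False
    # Compressed formats (e.g. jpg) are already near 8 bits/byte, so the
    # entropy jump alone misses them; the similarity check covers that case.
    return (e_new - e_old) >= MIN_JUMP or block_similarity(old, new) < MIN_SIMILARITY

def _rand(n: int, seed: int) -> bytes:
    """Deterministic high-entropy bytes for the constructed samples."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

# Constructed samples: a text-like document and a compressed-like blob.
TEXT = b"Quarterly invoice summary for the finance team.\n" * 400
BLOB = _rand(4 * BLOCK, seed=1)
BLOB_EDITED = BLOB[:BLOCK] + _rand(BLOCK, seed=2) + BLOB[2 * BLOCK:]
```

A legitimate full re-encode of an already compressed file would also trip the similarity branch, so a signal like this is a trigger for a response, not a verdict on the writing process.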

Email Address of Submitting Author

amahboubi@csu.edu.au

ORCID of Submitting Author

0000-0002-0487-0615

Submitting Author's Institution

Charles Sturt University

Submitting Author's Country

Australia