STUDY OF THE STRUCTURE OF THE SYSTEM FOR DETECTING AND PREVENTING RANSOMWARE ATTACKS BASED ON ENDPOINT DETECTION AND RESPONSE

DOI:

https://doi.org/10.28925/2663-4023.2023.19.6982

Abstract

The paper discusses the challenges and limitations of current ransomware detection and prevention systems, as well as potential future developments in the field. One key challenge is the constantly evolving nature of ransomware attacks, which requires systems to be regularly updated and adapted to stay effective. Another challenge is the need for systems to distinguish between legitimate and malicious software, as well as between different types of ransomware. To address these challenges, the paper proposes a number of functional and non-functional requirements for ransomware detection and counteraction systems. These include the ability to detect and respond to attacks in real time or close to it, the ability to analyze and classify different types of ransomware, and the ability to integrate with other security systems and tools. Non-functional requirements such as scalability, performance, and security should also be considered.

The paper also presents a detailed analysis of the different types of ransomware detection and counteraction systems currently available, including intrusion detection systems (IDS), endpoint detection and response (EDR), and modern antiviruses. It compares their strengths and weaknesses and classifies existing solutions according to their similarity. Finally, the paper presents an evaluation algorithm for assessing the quality of products for detecting and countering ransomware. The algorithm is based on a set of functional and non-functional requirements and is designed to provide a comprehensive and objective assessment of the capabilities of different systems. The algorithm is validated through a series of tests and experiments, which demonstrate its effectiveness in identifying the best solutions for detecting and countering ransomware. Overall, this paper provides valuable insights and practical guidance for organizations looking to improve their defenses against ransomware attacks.

Published

2023-03-30

How to Cite

Zhuravchak, D., Dudykevych, V., & Tolkachova, A. (2023). Study of the structure of the system for detecting and preventing ransomware attacks based on endpoint detection and response. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(19), 69–82. https://doi.org/10.28925/2663-4023.2023.19.6982