Not on my watch: ransomware detection through classification of high-entropy file segments

  • Identification data

    Identifier:  imarina:9452218
    Authors:  Casino, Fran; Hurley-Smith, Darren; Hernandez-Castro, Julio; Patsakis, Constantinos
    Abstract:
    The double-edged sword of continuous digitization of services and systems opens the door to a myriad of beneficial opportunities, as well as challenging threats. Currently, ransomware is catalogued as the first threat in cybersecurity due to its impact on organizations, critical infrastructure, industry, and society as a whole. Thus, devoting efforts toward developing methodologies to effectively prevent and mitigate ransomware is crucial. In this article, we present an accurate method to identify encrypted bit streams by differentiating them from other high-entropy streams (e.g. compressed files), which is a critical task to detect potentially malicious file write events on the file system in current operating systems. After extensive evaluation, our findings demonstrate that the proposed solution outperforms the current state of the art in both adaptability and accuracy, enabling it to be integrated into current Endpoint Detection and Response systems.
  • Others:

    Link to the original source: https://academic.oup.com/cybersecurity/article/11/1/tyaf009/8109429
    APA: Casino, Fran; Hurley-Smith, Darren; Hernandez-Castro, Julio; Patsakis, Constantinos (2025). Not on my watch: ransomware detection through classification of high-entropy file segments. Journal Of Cybersecurity, 11(1), tyaf009-. DOI: 10.1093/cybsec/tyaf009
    Paper original source: Journal Of Cybersecurity. 11 (1): tyaf009-
    Article's DOI: 10.1093/cybsec/tyaf009
    Journal publication year: 2025
    Entity: Universitat Rovira i Virgili
    Paper version: info:eu-repo/semantics/publishedVersion
    Record's date: 2025-04-30
    URV's Author/s: Casino Cembellín, Francisco José
    Department: Enginyeria Informàtica i Matemàtiques
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Publication Type: Journal Publications
    Author, as appears in the article: Casino, Fran; Hurley-Smith, Darren; Hernandez-Castro, Julio; Patsakis, Constantinos
    Licence for use: https://creativecommons.org/licenses/by/3.0/es/
    Thematic Areas: Computer networks and communications, Computer science (miscellaneous), Computer science applications, Hardware, Hardware and architecture, Information systems, Law, Political science and international relations, Safety research, Safety, risk, reliability and quality, Social psychology, Social sciences, interdisciplinary, Software
    Author's mail: franciscojose.casino@urv.cat
  • Keywords:

    Encryption
    Endpoint detection and response systems
    High-entropy sources
    Randomness
    Ransomware
    Computer Networks and Communications
    Computer Science (Miscellaneous)
    Computer Science Applications
    Hardware
    Hardware and Architecture
    Information Systems
    Law
    Political Science and International Relations
    Safety Research
    Safety
    Risk
    Reliability and Quality
    Social Psychology
    Social Sciences
    Interdisciplinary
    Software