Litcius/Paper detail

Design of Intrusion Detection Honeypot Using Social Leopard Algorithm to Detect IoT Ransomware Attacks

S. Sibi Chakkaravarthy, D. Sangeetha, Meenalosini Vimal Cruz, V. Vaidehi, Balasubramanian Raman

2020IEEE Access79 citationsDOIOpen Access PDF

Abstract

In recent times, ransomware has become the most significant cyber-attack targeting individuals, enterprises, healthcare industries, and the Internet of Things (IoT). Existing security systems like Intrusion Detection and Prevention System (IDPS) and Anti-virus (AV) as a single monitoring agent is complicated and time-consuming, thus fails in ransomware detection. A robust Intrusion Detection Honeypot (IDH) is proposed to address the issues mentioned above. IDH consists of i) Honeyfolder, ii) Audit Watch, and iii) Complex Event Processing (CEP). Honeyfolder is a decoy folder modeled using Social Leopard Algorithm (SoLA), especially for getting attacked and acting as an early warning system to alert the user during the suspicious file activities. AuditWatch is an Entropy module that verifies the entropy of the files and folders. CEP engine is used to aggregate data from different security systems to confirm the ransomware behavior, attack pattern, and promptly respond to them. The proposed IDH is experimentally tested in a secured testbed using more than 20 variants of recent ransomware of all types. The experimental result confirms that the proposed IDH significantly improves the ransomware detection time, rate, and accuracy compared with the existing state of the art ransomware detection model.

Topics & Concepts

RansomwareComputer scienceHoneypotIntrusion detection systemComputer securityTestbedMalwareComputer networkAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionSpam and Phishing Detection