Talos: a prototype Intrusion Detection and Prevention system for profiling ransomware behaviour
AffiliationUniversity of Chester
MetadataShow full item record
AbstractAbstract: In this paper, we profile the behaviour and functionality of multiple recent variants of WannaCry and CrySiS/Dharma, through static and dynamic malware analysis. We then analyse and detail the commonly occurring behavioural features of ransomware. These features are utilised to develop a prototype Intrusion Detection and Prevention System (IDPS) named Talos, which comprises of several detection mechanisms/components. Benchmarking is later performed to test and validate the performance of the proposed Talos IDPS system and the results discussed in detail. It is established that the Talos system can successfully detect all ransomware variants tested, in an average of 1.7 seconds and instigate remedial action in a timely manner following first detection. The paper concludes with a summarisation of our main findings and discussion of potential future works which may be carried out to allow the effective detection and prevention of ransomware on systems and networks.
CitationA. Wood, T. Eze & L. Speakman (2021). Talos: a prototype Intrusion Detection and Prevention system for profiling ransomware behaviour. 20th European Conference on Cyber Warfare and Security, Chester, England, 2021
JournalECCWS Conference Proceedings
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/