Talos: no more ransomware victims with formal methods

Ransomware is a very effective form of malware that is recently spreading out on an impressive number of workstations and smartphones. This malware blocks the access to the infected machine or to the files located in the infected machine. The attackers will restore the machine and files only after t...

Bibliographic details
Published in: International journal of information security 2018-11, Vol.17 (6), p.719-738
Main authors: Cimitile, Aniello, Mercaldo, Francesco, Nardone, Vittoria, Santone, Antonella, Visaggio, Corrado Aaron
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 738
container_issue 6
container_start_page 719
container_title International journal of information security
container_volume 17
creator Cimitile, Aniello
Mercaldo, Francesco
Nardone, Vittoria
Santone, Antonella
Visaggio, Corrado Aaron
description Ransomware is a very effective form of malware that is recently spreading out on an impressive number of workstations and smartphones. This malware blocks the access to the infected machine or to the files located in the infected machine. The attackers will restore the machine and files only after the payment of a certain amount of money, usually given in the form of bitcoins. Commercial solutions are still ineffective to recognize the last variants of ransomware, and the problem has been poorly investigated in literature. In this paper we discuss a methodology based on formal methods for detecting ransomware malware on Android devices. We have implemented our method in a tool named Talos. We evaluate the method, and the obtained results show that Talos is very effective in recognizing ransomware (accuracy of 0.99) even when it is obfuscated (accuracy still remains at 0.99).
doi_str_mv 10.1007/s10207-017-0398-5
format Article
fulltext fulltext
identifier ISSN: 1615-5262
ispartof International journal of information security, 2018-11, Vol.17 (6), p.719-738
issn 1615-5262
1615-5270
language eng
recordid cdi_proquest_journals_1978527548
source EBSCO Business Source Complete; SpringerLink Journals
subjects Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Computer viruses
Cryptology
Currencies
Malware
Management of Computing and Information Systems
Networks
Operating Systems
Ransomware
Regular Contribution
Smartphones
Workstations
title Talos: no more ransomware victims with formal methods
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T03%3A38%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Talos:%20no%20more%20ransomware%20victims%20with%20formal%20methods&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Cimitile,%20Aniello&rft.date=2018-11-01&rft.volume=17&rft.issue=6&rft.spage=719&rft.epage=738&rft.pages=719-738&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-017-0398-5&rft_dat=%3Cproquest_cross%3E1978527548%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1978527548&rft_id=info:pmid/&rfr_iscdi=true