
A Grammar-Based Behavioral Distance Measure Between Ransomware Variants


Abstract:

Effective attribution of ransomware attacks requires a way to characterize different variants and estimate their similarity to one another. Unlike other malware, ransomware deliberately discloses itself and interacts explicitly with the victim. This characteristic invites the application of insights from social systems. The resulting behavioral trace offers a richer characterization than the simple code signatures used to detect other forms of malware, but is also more complex and harder to characterize. Exploiting this trace forensically requires a distance measure between pairs of attacks. In the Ransomware Analysis as Dialogue for Attribution and Reconnaissance (RADAR) project, we developed such a measure based on representation of the attack behavior in a context-free grammar. We motivate this approach by insights from behavioral linguistics, summarize the grammar we have developed, present a series of increasingly refined grammatical distance measures, and illustrate their performance on actual attacks. Then we suggest applications of our distance measure to other problems of social modeling.
Published in: IEEE Transactions on Computational Social Systems (Volume: 9, Issue: 1, February 2022)
Page(s): 8 - 17
Date of Publication: 05 March 2021

I. Introduction

Ransomware is a widespread form of malware [1], [2] that renders a computer system unusable (typically by locking it or by encrypting its data) and demands payment to undo its effects. Unlike other forms of malware, ransomware must disclose itself to its victims and interact with them to achieve the attacker’s objective of financial gain. Thus, it is a distinctly social form of attack, inviting the application of tools from the social sciences to understand and mitigate it.
