Ransomware Modeling Based on a Process Mining Approach

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

Ebrahim Mahdipour Ebrahim Mahdipour; Ali Aghamohammadpour Ali Aghamohammadpour; Iman Attarzadeh Iman Attarzadeh

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: International Journal of Information and Communication Technology Research Year:2022 | Volume:14 | Issue:3 Page(s): 27-36

Download Full-Text

View:

Download:

Cites:

Information Journal Paper

Title

Ransomware Modeling Based on a Process Mining Approach

Author(s)

Ebrahim Mahdipour Ebrahim Mahdipour, Ali Aghamohammadpour Ali Aghamohammadpour, Iman Attarzadeh Iman Attarzadeh | Issue Writer Certificate

Keywords

Process Mining

Ransomware Hunting

Threat Modeling

Threat Intelligence

Threat Hunting.

Abstract

Ransomware attacks are taking advantage of the ongoing coronavirus pandemics and attacking the vulnerable systems in the health sector. Modeling ransomware attacks help to identify and simulate attacks against security environments, using likely adversary techniques. Process Mining (PM) is a field of study that focuses on analyzing process logs linked with the execution of the processes of a system to acquire insight into the variety of characteristics of how the functions behave. This paper presents a PM conformance-based approach to determining ransomware processes. First, frequent ransomware techniques were identified using state-of-the-art MITRE ATT&CK. Then, a model was developed to gather ransomware techniques using a process-based approach. The PM-based Prom tool is used to check the conformance of malware processes alongside the presented model to illustrate its efficiency. The model can identify chain processes associated with ransom-related behaviors. In this study, the presented model was evaluated using thirty common malwares in the healthcare industry. The approach demonstrates that this model could successfully classify ninety percent of malware instances as ransomware and non-ransomware. Finally, guidelines for future research are provided. We believe the proposed method will uncover behavioral models that will enable us to hunt ransomware threats.

Multimedia

No record.

Cites

No record.

References

No record.

Cite

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans