An efficient approach to detect torrentlocker ransomware in computer systems

42Citations
Citations of this article
45Readers
Mendeley users who have this article in their library.
Get full text

Abstract

TorrentLocker is a ransomware that encrypts sensitive data located on infected computer systems. Its creators aim to ransom the victims, if they want to retrieve their data. Unfortunately, antiviruses have difficulties to detect such polymorphic malware. In this paper, we propose a novel approach to detect online suspicious processes accessing a large number of files and encrypting them. Such a behavior corresponds to the classical scenario of a malicious ransomware. We show that the Kullback-Liebler divergence can be used to detect with high effectiveness whether a process transforms structured input files (such as JPEG files) into unstructured encrypted files, or not. We focus mainly on JPEG files since irreplaceable pictures represent in many cases the most valuable data on personal computers or smartphones.

Cite

CITATION STYLE

APA

Mbol, F., Robert, J. M., & Sadighian, A. (2016). An efficient approach to detect torrentlocker ransomware in computer systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10052 LNCS, pp. 532–541). Springer Verlag. https://doi.org/10.1007/978-3-319-48965-0_32

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free