Dr Lee Speakman L.Speakman@salford.ac.uk
Lecturer in Cyber Security
Talos: A prototype Intrusion Detection and Prevention system for profiling ransomware behaviour
Speakman, Lee; Wood, Ashley; Eze, Thaddeus
Authors
Ashley Wood
Thaddeus Eze
Abstract
In this paper, we profile the behaviour and functionality of multiple recent variants of WannaCry and CrySiS/Dharma, through static and dynamic malware analysis. We then analyse and detail the commonly occurring behavioural features of ransomware. These features are utilised to develop a prototype Intrusion Detection and Prevention System (IDPS) named Talos, which comprises of several detection mechanisms/components. Benchmarking is later performed to test and validate the performance of the proposed Talos IDPS system and the results discussed in detail. It is established that the Talos system can successfully detect all ransomware variants tested, in an average of 1.7 seconds and instigate remedial action in a timely manner following first detection. The paper concludes with a summarisation of our main findings and discussion of potential future works which may be carried out to allow the effective detection and prevention of ransomware on systems and networks.
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 20th European Conference on Cyber Warfare and Security |
| Start Date | Jun 24, 2021 |
| End Date | Jun 25, 2021 |
| Acceptance Date | Apr 5, 2021 |
| Online Publication Date | Jun 24, 2021 |
| Publication Date | Jun 24, 2021 |
| Deposit Date | Mar 7, 2025 |
| Publisher | Academic Conferences and Publishing International |
| Peer Reviewed | Peer Reviewed |
| Pages | 558-568 |
| Book Title | ECCWS 2021- Proceeding of the 20th European Conference on Cyber Warfare and Security |
| ISBN | 9781912764990 |
| Publisher URL | https://www.academic-bookshop.com/ourshop/prod_7595384-ECCWS-2021-Proceeding-of-the-20th-European-Conference-on-Cyber-Warfare-and-Security.html |
You might also like
Looping in OLSRv2 in Mobile Ad-Hoc Networks, Loop Suppession and Loop Correction
(2009)
Journal Article
Factors Amplifying or Inhibiting Cyber Threat Intelligence Sharing
(2024)
Presentation / Conference Contribution
An analysis of loop formation in OLSRv2 in ad-hoc networks and limiting its negative impact
(2008)
Presentation / Conference Contribution
Policing The Cyber Threat: Exploring the Threat from Cyber Crime and the Ability of Local Law Enforcement to Respond
(2018)
Presentation / Conference Contribution
Downloadable Citations
About USIR
Administrator e-mail: library-research@salford.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search