Show simple item record

dc.creatorBerrueta Irigoyen, Eduardoes_ES
dc.creatorMorató Osés, Danieles_ES
dc.creatorMagaña Lizarrondo, Eduardoes_ES
dc.creatorIzal Azcárate, Mikeles_ES
dc.date.accessioned2020-01-08T12:16:16Z
dc.date.available2020-01-08T12:16:16Z
dc.date.issued2019
dc.identifier.citationE. Berrueta, D. Morato, E. Magaña and M. Izal, 'Ransomware Encrypted Your Files but You Restored Them from Network Traffic,' 2018 2nd Cyber Security in Networking Conference (CSNet), Paris, 2018, pp. 1-7. doi: 10.1109/CSNET.2018.8602978en
dc.identifier.isbn978-1-5386-7045-3
dc.identifier.urihttps://hdl.handle.net/2454/36012
dc.description.abstractIn a scenario where user files are stored in a network shared volume, a single computer infected by ransomware could encrypt the whole set of shared files, with a large impact on user productivity. On the other hand, medium and large companies maintain hardware or software probes that monitor the traffic in critical network links, in order to evaluate service performance, detect security breaches, account for network or service usage, etc. In this paper we suggest using the monitoring capabilities in one of these tools in order to keep a trace of the traffic between the users and the file server. Once the ransomware is detected, the lost files can be recovered from the traffic trace. This includes any user modifications posterior to the last snapshot of periodic backups. The paper explains the problems faced by the monitoring tool, which is neither the client nor the server of the file sharing operations. It also describes the data structures in order to process the actions of users that could be simultaneously working on the same file. A proof of concept software implementation was capable of successfully recovering the files encrypted by 18 different ransomware families.en
dc.description.sponsorshipThis work was supported by Spanish MINECO through project PIT (TEC2015-69417-C2-2-R).en
dc.format.extent7 p.
dc.format.mimetypeapplication/pdfen
dc.language.isoengen
dc.publisherIEEEen
dc.relation.ispartof2018 2nd Cyber Security In Networking Conference, CSnet 2018. Paris, oct. 24-26, 2018en
dc.rights©2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other work.en
dc.subjectRansomwareen
dc.subjectServersen
dc.subjectProbesen
dc.subjectToolsen
dc.subjectCryptographyen
dc.subjectMonitoringen
dc.titleRansomware encrypted your files but you restored them from network trafficen
dc.typeinfo:eu-repo/semantics/conferenceObjecten
dc.typeContribución a congreso / Biltzarrerako ekarpenaes
dc.contributor.departmentUniversidad Pública de Navarra. Departamento de Ingeniería Eléctrica, Electrónica y de Comunicaciónes_ES
dc.contributor.departmentNafarroako Unibertsitate Publikoa. Ingeniaritza Elektriko, Elektroniko eta Telekomunikazio Sailaeu
dc.contributor.departmentUniversidad Pública de Navarra / Nafarroako Unibertsitate Publikoa. ISC - Institute of Smart Citieses_ES
dc.rights.accessRightsinfo:eu-repo/semantics/embargoedAccessen
dc.rights.accessRightsAcceso embargado / Sarbidea bahitua dagoes
dc.identifier.doi10.1109/CSNET.2018.8602978
dc.relation.projectIDinfo:eu-repo/grantAgreement/ES/1PE/TEC2015-69417en
dc.relation.publisherversionhttps://doi.org/10.1109/CSNET.2018.8602978
dc.type.versioninfo:eu-repo/semantics/acceptedVersionen
dc.type.versionVersión aceptada / Onetsi den bertsioaes


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record