EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)

Lead Research Organisation: Newcastle University
Department Name: Sch of Computing

Abstract

Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
 
Description Current ransomware is imperfect from technological, economic, and psychological points of view. Malware infection methods may still be the best place to disrupt attacks. Evidence that ransomware is used by large-scale organised crime has materialised, maybe not as expected through wide-ranging indiscriminate attack, but rather through the stark increase in large-scale targeted attacks with high ransom amounts. Intelligence services have ascribed some of the mainly disruptive ransomware campaigns to rogue states; targeted attacks appear to be undertaken by criminal organisations developing their own ransomware variants.
We have also obtained deeper insight into the motivations and approaches of the stakeholders in the ransomware world other than the criminals: victims, law enforcement, and the increasingly important cyber insurance companies. These insights have been reported to the academic community and embodied in advice to businesses, law enforcement, policy makers and the general public.
From a technical point of view, we have also explored novel ways of detecting a ransomware attack. The typical approach to detecting ransomware is to measure statistical values of files in a target system or device. When statistical values (such as entropy and chi-square) of the files appear to be random, it might indicate that the files are being encrypted and potentially being attacked by ransomware. We have found that relying only on this approach is not sufficient. We have combined it with other detection methods (such as using honeypot or canary files) in order to provide better confidence that a ransomware attack is taking place, while minimising false positives. There is also scope for using machine learning techniques to identify new strains of ransomware through analysis of activity within a computer system.
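An added example (not code from the EMPHASIS project) of the combined approach described above: entropy and chi-square per written buffer, cross-checked against canary files so that statistics alone only raise a lower-confidence verdict. The thresholds, the canary file name and the sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for illustration; tune them on real data.
ENTROPY_MIN = 7.5   # bits per byte (the maximum is 8.0)
CHI2_MAX = 400.0    # uniformly distributed bytes score about 255 (255 degrees of freedom)

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_encrypted(data: bytes) -> bool:
    # Both tests must agree: high entropy AND a byte histogram close to uniform.
    return bool(data) and shannon_entropy(data) >= ENTROPY_MIN and chi_square(data) <= CHI2_MAX

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tripped_canaries(baseline: dict, current: dict) -> list:
    """Names of canary files that are missing or no longer match their baseline digest."""
    return sorted(n for n, d in baseline.items()
                  if n not in current or digest(current[n]) != d)

def assess(baseline: dict, current_canaries: dict, recent_writes: list) -> str:
    random_looking = sum(looks_encrypted(w) for w in recent_writes)
    tripped = tripped_canaries(baseline, current_canaries)
    if tripped and random_looking:
        return "alert"        # two independent signals agree
    if tripped or random_looking:
        return "suspicious"   # one signal only: review, do not auto-respond
    return "ok"

def keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))

# Constructed sample data (hypothetical names and contents).
CIPHERTEXT_LIKE = keystream(65536)
PLAIN = b"quarterly report draft " * 3000
SKEWED = bytes(range(200)) * 320   # high entropy, but 56 byte values never occur
CANARY = b"do-not-touch canary document\n"
BASELINE = {"~canary.docx": digest(CANARY)}
```

The `SKEWED` buffer passes the entropy threshold but fails chi-square, which is why the two statistics are paired before the canary check is consulted.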
As with all forms of protection, access to information is a vital tool in our arsenal. Although ransomware often readily provides a means of contact, for the purpose of helping victims pay their ransom, there is a strong reluctance for victims to gain information from other channels, especially as these channels can provide information on how to avoid payment. Providing mechanisms to help victims identify pertinent information is therefore essential.
Exploitation Route Economical and technological analysis will need to continue, hand in hand with the evolution of ransomware and the modus operandi of the criminals. A survey on cybercrime victimisation has provided data that require and allow further analysis.
Sectors Digital/Communication/Information Technologies (including Software), Healthcare, Government, Democracy and Justice

URL http://www.emphasis.ac.uk
 
Description Applications of AI to security, energy efficiency and nature 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Invited talk at Research Computing Summer School 2019, Imperial College London, UK, Sep. 2019
Year(s) Of Engagement Activity 2019
URL https://www.imperial.ac.uk/computational-methods/news-and-events/hpc-2019/
 
Description BDA4CID 2018 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Cyber-attacks have posed real and wide-ranging threats for the information society. Detecting cyber-attacks becomes a challenge, not only because of the sophistication of attacks, but also because of the large scale and complex nature of today's IT infrastructures.

When significant amounts of data are collected from computer systems operations and monitoring, data science and intelligent advanced analytics are necessary to correlate, learn and mine, interpret and visualize such data. To mitigate existing cyber threats, it is important that cyber-attack detection and security analysis take advantage of data science and advanced analytics. Big data provides a systemic approach, from capturing of IT operation data, through data processing and event correlation, to anomaly detection and response decision.

This Workshop will focus on the cutting-edge developments from both academia and industry, with a particular emphasis on novel techniques to capture, store and process the big-data from a wide range of sources in monitoring IT infrastructures, and in particular on the methodologies and technologies which can be applied to correlate, learn and mine, interpret and visualize the cyber security data.

This workshop is timely and interesting for researchers, academics and practitioners in big data processing and analytics, cyber security, cyber defense, security analytics, data mining and machine learning of security data, security information and event management, along with anomaly detection. The workshop is very relevant to the big data community, especially data mining, machine learning, cyber-physical systems, computational intelligence, and will bring forth a lively forum on this exciting and challenging area at the conference.
Year(s) Of Engagement Activity 2018
URL http://siwn.org.uk/events/bda4cid/
 
Description BDA4CID 2019 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Cyber-attacks have posed real and wide-ranging threats for the information society. Detecting cyber-attacks becomes a challenge, not only because of the sophistication of attacks, but also because of the large scale and complex nature of today's IT infrastructures. When significant amounts of data are collected from computer systems operations and monitoring, data science and intelligent advanced analytics are necessary to correlate, learn and mine, interpret and visualize such data. To mitigate existing cyber threats, it is important that cyber-attack detection and security analysis take advantage of data science and advanced analytics. Big data provides a systemic approach, from capturing of IT operation data, through data processing and event correlation, to anomaly detection and response decision. This Workshop will focus on the cutting-edge developments from both academia and industry, with a particular emphasis on novel techniques to capture, store and process the big-data from a wide range of sources in monitoring IT infrastructures, and in particular on the methodologies and technologies which can be applied to correlate, learn and mine, interpret and visualize the cyber security data. This workshop is timely and interesting for researchers, academics and practitioners in big data processing and analytics, cyber security, cyber defense, security analytics, data mining and machine learning of security data, security information and event management, along with anomaly detection. The workshop is very relevant to the big data community, especially data mining, machine learning, cyber-physical systems, computational intelligence, and will bring forth a lively forum on this exciting and challenging area at the conference.
Year(s) Of Engagement Activity 2019
URL https://bda4cid.github.io
 
Description Data, AI and Security 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact In 2019 data breaches are predicted to be the most prevalent form of attack against industry. Ransomware along with DDoS attacks, which attack or disrupt data flows, are close behind in the pecking order. Yet, on the other side, the digital data relating to the circumstances of those attacks is vital for identifying what went wrong and analysing how to improve systems so that similar problems do not occur again.

There is a massive challenge to get hold of such data, which would be used to learn how to make systems safer, due to:

Concerns and some misunderstandings about confidentiality, especially post-GDPR.
A general commercial reluctance to announce losses.
A heightened level of suspicion following a data breach about how and where their data goes.
The additional human and financial resources that participation in research can require of an organisation, particularly after a breach.

It is therefore not surprising that organisations are reluctant to participate in projects and share their experiences and any data that could be invaluable to the research mission.

This climate of distrust is unlikely to change without the establishment of common protocols and shared best practice for the anonymisation and safe sharing of data.
Year(s) Of Engagement Activity 2019
URL https://www.turing.ac.uk/events/machine-learning-and-data-challenges-ransomware-and-cloud
 
Description Good Ransomware and Bad Ransomware, but which is which? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation to the North East Fraud Forum
Year(s) Of Engagement Activity 2019
URL https://www.northeastfraudforum.co.uk/neff-events/past-event-downloads/
 
Description NEFF 2019 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact A talk on the types of Ransomware that are out there, the impact that they could have and techniques for identifying them.
Year(s) Of Engagement Activity 2019
 
Description Presentation to the North East Fraud Forum 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact Presentation to ~50 people at the North East Fraud Forum.
Year(s) Of Engagement Activity 2018
 
Description Provenance 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Talk about the use of Provenance security and machine learning.
Year(s) Of Engagement Activity 2019
 
Description Provenance, AI and proof in court 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Talk at the Alan Turing workshop on Provenance, Security and Machine Learning
Year(s) Of Engagement Activity 2019
URL https://www.turing.ac.uk/events/provenance-security-machine-learning
 
Description Technologies of Crime, Justice and security Conference 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact ~50 people interested in Crime, Justice and Security. Presenting techniques for using AI to help practitioners in these areas.
Year(s) Of Engagement Activity 2018
 
Description e-Crime and Artificial Intelligence Forum 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation at a regular forum meeting (e-Crime) on the machine learning approaches which can be taken to help identify potential offenders and those more likely to be attacked.
Year(s) Of Engagement Activity 2018
URL http://akjassociates.com/event/aiforum