{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T09:32:58Z","timestamp":1775899978588,"version":"3.50.1"},"reference-count":39,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2018,12,6]],"date-time":"2018-12-06T00:00:00Z","timestamp":1544054400000},"content-version":"vor","delay-in-days":339,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61871140"],"award-info":[{"award-number":["61871140"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61572153"],"award-info":[{"award-number":["61572153"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1636215"],"award-info":[{"award-number":["U1636215"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61572492"],"award-info":[{"award-number":["61572492"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672020"],"award-info":[{"award-number":["61672020"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Wireless Communications and Mobile Computing"],"published-print":{"date-parts":[[2018,1]]},"abstract":"<jats:p>While various ransomware defense systems have been proposed to deal with traditional randomly\u2010spread ransomware attacks (based on their unique high\u2010noisy behaviors at hosts and on networks), none of them considered ransomware attacks precisely aiming at specific hosts, e.g., using the common Remote Desktop Protocol (RDP). To address this problem, we propose a systematic method to fight such specifically targeted ransomware by trapping attackers via a network deception environment and then using traceback techniques to identify attack sources. In particular, we developed various monitors in the proposed deception environment to gather traceable clues about attackers, and we further design an analysis system that automatically extracts and analyze the collected clues. Our evaluations show that the proposed method can trap the adversary in the deception environment and significantly improve the efficiency of clue analysis. Furthermore, it also helps us trace back RDP\u2010based ransomware attackers and ransomware makers in the practical applications.<\/jats:p>","DOI":"10.1155\/2018\/7943586","type":"journal-article","created":{"date-parts":[[2018,12,6]],"date-time":"2018-12-06T23:50:06Z","timestamp":1544140206000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Automatically Traceback RDP\u2010Based Targeted Ransomware Attacks"],"prefix":"10.1155","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3365-5295","authenticated-orcid":false,"given":"ZiHan","family":"Wang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8023-3941","authenticated-orcid":false,"given":"ChaoGe","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4202-7802","authenticated-orcid":false,"given":"Jing","family":"Qiu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9409-5359","authenticated-orcid":false,"given":"ZhiHong","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Xiang","family":"Cui","sequence":"additional","affiliation":[]},{"given":"Shen","family":"Su","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2018,12,6]]},"reference":[{"key":"e_1_2_13_1_2","unstructured":"KharrazA. UNVEIL: A Large-Scale Automated Approach to Detecting Ransomware Proceedings of the 25th USENIX Security Symposium (USENIX Security 16) 2016 USENIX Association 757\u2013772."},{"key":"e_1_2_13_2_2","unstructured":"SavageK. CooganP. andLauH. The evolution of ransomware 2015."},{"key":"e_1_2_13_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"e_1_2_13_4_2","article-title":"A brief study of Wannacry Threat: Ransomware Attack 2017","volume":"8","author":"Mohurle S.","year":"2017","journal-title":"International Journal of Advanced Research in Computer Science"},{"key":"e_1_2_13_5_2","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/5823439"},{"key":"e_1_2_13_6_2","unstructured":"YanezaJ. Brute Force RDP Attacks Plant CRYSIS Ransomware https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/brute-force-rdp-attacks-plant-crysis-ransomware\/."},{"key":"e_1_2_13_7_2","unstructured":"10% of Ransomware Attacks on SMBs Targeted IoT Devices https:\/\/www.darkreading.com\/application-security\/10--of-ransomware-attacks-on-smbs-targeted-iot-devices-\/d\/d-id\/1329817."},{"key":"e_1_2_13_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2846624"},{"key":"e_1_2_13_9_2","unstructured":"Kaspersky Security Bulletin: STORY OF THE YEAR 2017 2017 https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/07164824\/KSB_Story_of_the_Year_Ransomware_FINAL_eng.pdf."},{"key":"e_1_2_13_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2846590"},{"key":"e_1_2_13_11_2","volume-title":"Managing Information Security Risk: Organisation, Mission, and Information System View","author":"Ross R.","year":"2011"},{"key":"e_1_2_13_12_2","doi-asserted-by":"publisher","DOI":"10.3390\/s18082440"},{"key":"e_1_2_13_13_2","doi-asserted-by":"crossref","unstructured":"WangZ. H. WuX. LiuC. G. LiuQ. X. andZhangJ. L. RansomTracer: Exploiting Cyber Deception for Ransomware Tracing Proceedings of the IEEE Third International Conference on Data Science in Cyberspace 2018 227\u2013234.","DOI":"10.1109\/DSC.2018.00040"},{"key":"e_1_2_13_14_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.001"},{"key":"e_1_2_13_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSUSC.2018.2793284"},{"key":"e_1_2_13_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_18"},{"key":"e_1_2_13_17_2","doi-asserted-by":"crossref","unstructured":"MercaldoF. NardoneV. SantoneA. andVisaggioC. A. AlbertE.andLaneseI. Ransomware Steals Your Phone. Formal Methods Rescue It Formal Techniques For Distributed Objects Components And Systems: 36th IFIPWG 6.1 International Conference FORTE 2016 held as part of the 11th International Federated Conference On Distributed Computing Techniques DisCoTec 2016 2016 Springer International Publishing 212\u2013221 https:\/\/doi.org\/10.1007\/978-3-319-39570-8_14.","DOI":"10.1007\/978-3-319-39570-8_14"},{"key":"e_1_2_13_18_2","unstructured":"SgandurraD. Mu\u00b1oz-Gonz\u00dflezL. MohsenR. andLupuE. C. Automated Dynamic Analysis of Ransomware: Benefits Limitations and use for Detection https:\/\/arxiv.org\/abs\/1609.03020."},{"key":"e_1_2_13_19_2","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/2946735"},{"key":"e_1_2_13_20_2","unstructured":"YangT. YangY. QianK. LoD. C.-T. QianY. andTaoL. Automated detection and analysis for android ransomware Proceedings of the 17th IEEE International Conference on High Performance Computing and Communications IEEE 7th International Symposium on Cyberspace Safety and Security and IEEE 12th International Conference on Embedded Software and Systems HPCC-ICESS-CSS 2015 August 2015 USA 1338\u20131343 2-s2.0-84961763303."},{"key":"e_1_2_13_21_2","doi-asserted-by":"crossref","unstructured":"ScaifeN. CarterH. TraynorP. andButlerK. R. B. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data Proceedings of the 36th IEEE International Conference on Distributed Computing Systems ICDCS 2016 June 2016 Japan 303\u2013312 2-s2.0-84985930862.","DOI":"10.1109\/ICDCS.2016.46"},{"key":"e_1_2_13_22_2","doi-asserted-by":"crossref","unstructured":"AhmadianM. M.andShahriariH. R. 2entFOX: A framework for high survivable ransomwares detection Proceedings of the 13th International ISC Conference on Information Security and Cryptology ISCISC 2016 September 2016 Iran 79\u201384 2-s2.0-85007203275.","DOI":"10.1109\/ISCISC.2016.7736455"},{"key":"e_1_2_13_23_2","doi-asserted-by":"crossref","unstructured":"AhmadianM. M. ShahriariH. R. andGhaffarianS. M. Connection-monitor & connection-breaker: A novel approach for prevention and detection of high survivable ransomwares Proceedings of the 12th International ISC Conference on Information Security and Cryptology ISCISC 2015 September 2015 Iran 79\u201384 2-s2.0-84963799386.","DOI":"10.1109\/ISCISC.2015.7387902"},{"key":"e_1_2_13_24_2","doi-asserted-by":"publisher","DOI":"10.17485\/ijst\/2015\/v8i19\/80196"},{"key":"e_1_2_13_25_2","doi-asserted-by":"crossref","unstructured":"MooreC. Detecting Ransomware with Honeypot Techniques Proceedings of the 2016 Cybersecurity and Cyberforensics Conference (CCC) August 2016 Amman Jordan 77\u201381 https:\/\/doi.org\/10.1109\/CCC.2016.14.","DOI":"10.1109\/CCC.2016.14"},{"key":"e_1_2_13_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-48965-0_32"},{"key":"e_1_2_13_27_2","first-page":"201","article-title":"Network activity analysis of CryptoWall ransomware","volume":"91","author":"Cabaj K.","year":"2015","journal-title":"Przegl\u0105d Elektrotechniczny"},{"key":"e_1_2_13_28_2","first-page":"1","article-title":"Trust Architecture and Reputation Evaluation for Internet of Things","volume":"2","author":"Chen J.","year":"2018","journal-title":"Journal of Ambient Intelligence & Humanized Computing"},{"key":"e_1_2_13_29_2","doi-asserted-by":"crossref","unstructured":"Le GuernicC.andLegayA. Ransomware and the Legacy Crypto API. Paper presented at the Risks and Risks and Security of Internet and Systems: 11th International Conference CRiSIS 2016 2017 Roscoff France.","DOI":"10.1007\/978-3-319-54876-0_2"},{"key":"e_1_2_13_30_2","volume-title":"Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities","author":"Pingree L.","year":"2015"},{"key":"e_1_2_13_31_2","doi-asserted-by":"crossref","unstructured":"Ransomware and Businesses https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/ransomware-and-businesses-16-en.pdf 2016.","DOI":"10.1016\/S1353-4858(16)30096-4"},{"key":"e_1_2_13_32_2","doi-asserted-by":"crossref","unstructured":"KharrazA.andKirdaE. Redemption: Real-Time Protection Against Ransomware at End-Hosts Proceedings of the International Symposium on Research in Attacks Intrusions and Defenses 2017 98\u2013119.","DOI":"10.1007\/978-3-319-66332-6_5"},{"key":"e_1_2_13_33_2","unstructured":"BergstrandF. BergstrandJ. andGunnarssonH. Localization of Spyware in Windows Environments ."},{"key":"e_1_2_13_34_2","unstructured":"PEView https:\/\/www.aldeid.com\/wiki\/PEView."},{"key":"e_1_2_13_35_2","unstructured":"python-pefile https:\/\/pypi.python.org\/pypi\/pefile."},{"key":"e_1_2_13_36_2","unstructured":"LuiM.andBaldwinT. langid. py An off-the-shelf language identification tool Proceedings of the ACL 2012 system demonstrations. Association for Computational Linguistics 2012 25\u201330."},{"key":"e_1_2_13_37_2","doi-asserted-by":"crossref","unstructured":"BirdS.andLoperE. NLTK: the natural language toolkit Proceedings of the ACL 2004 on Interactive poster and demonstration sessions. Association for Computational Linguistics July 2004 Barcelona Spain https:\/\/doi.org\/10.3115\/1219044.1219075.","DOI":"10.3115\/1219044.1219075"},{"key":"e_1_2_13_38_2","unstructured":"Rrenaud. Gibberish-Detector https:\/\/github.com\/rrenaud\/Gibberish-Detector\/blob\/master\/README.rst."},{"key":"e_1_2_13_39_2","unstructured":"VirusTotal http:\/\/virustotal.com."}],"container-title":["Wireless Communications and Mobile Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2018\/7943586.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2018\/7943586.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2018\/7943586","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,7]],"date-time":"2024-08-07T06:12:50Z","timestamp":1723011170000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1155\/2018\/7943586"}},"subtitle":[],"editor":[{"given":"Vishal","family":"Sharma","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2018,1]]},"references-count":39,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,1]]}},"alternative-id":["10.1155\/2018\/7943586"],"URL":"https:\/\/doi.org\/10.1155\/2018\/7943586","archive":["Portico"],"relation":{},"ISSN":["1530-8669","1530-8677"],"issn-type":[{"value":"1530-8669","type":"print"},{"value":"1530-8677","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1]]},"assertion":[{"value":"2018-07-13","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-11-22","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-12-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"7943586"}}