{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:21:10Z","timestamp":1772040070085,"version":"3.50.1"},"reference-count":26,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2023,3,10]],"date-time":"2023-03-10T00:00:00Z","timestamp":1678406400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea (NRF) funded by the Korea government (MSIT)","doi-asserted-by":"publisher","award":["NRF-2021R1F1A1050542"],"award-info":[{"award-number":["NRF-2021R1F1A1050542"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea (NRF) funded by the Korea government (MSIT)","doi-asserted-by":"publisher","award":["NRF-2021R1A4A2001810"],"award-info":[{"award-number":["NRF-2021R1A4A2001810"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Soonchunhyang University Research Fund","award":["NRF-2021R1F1A1050542"],"award-info":[{"award-number":["NRF-2021R1F1A1050542"]}]},{"name":"Soonchunhyang University Research Fund","award":["NRF-2021R1A4A2001810"],"award-info":[{"award-number":["NRF-2021R1A4A2001810"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>A variety of data-based services such as cloud services and big data-based services have emerged in recent times. These services store data and derive the value of the data. The reliability and integrity of the data must be ensured. Unfortunately, attackers have taken valuable data as hostage for money in attacks called ransomware. It is difficult to recover original data from files in systems infected by ransomware because they are encrypted and cannot be accessed without keys. There are cloud services to backup data; however, encrypted files are synchronized with the cloud service. Therefore, the original file cannot be restored even from the cloud when the victim systems are infected. Therefore, in this paper, we propose a method to effectively detect ransomware for cloud services. The proposed method detects infected files by estimating the entropy to synchronize files based on uniformity, one of the characteristics of encrypted files. For the experiment, files containing sensitive user information and system files for system operation were selected. In this study, we detected 100% of the infected files in all file formats, with no false positives or false negatives. We demonstrate that our proposed ransomware detection method was very effective compared to other existing methods. Based on the results of this paper, we expect that this detection method will not synchronize with a cloud server by detecting infected files even if the victim systems are infected with ransomware. In addition, we expect to restore the original files by backing up the files stored on the cloud server.<\/jats:p>","DOI":"10.3390\/s23063023","type":"journal-article","created":{"date-parts":[[2023,3,13]],"date-time":"2023-03-13T03:28:33Z","timestamp":1678678113000},"page":"3023","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services"],"prefix":"10.3390","volume":"23","author":[{"given":"Kyungroul","family":"Lee","sequence":"first","affiliation":[{"name":"Department of Information Security Engineering, Mokpo National University, Muan 58554, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1492-1241","authenticated-orcid":false,"given":"Jaehyuk","family":"Lee","sequence":"additional","affiliation":[{"name":"Interdisciplinary Program of Information & Protection, Mokpo National University, Muan 58554, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4686-9436","authenticated-orcid":false,"given":"Sun-Young","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kangbin","family":"Yim","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/1721654.1721672","article-title":"A view of cloud computing","volume":"53","author":"Armbrust","year":"2010","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Sagiroglu, S., and Sinanc, D. (2013, January 20\u201324). Big data: A review. Proceedings of the 2013 International Conference on Collaboration Technologies and Systems (CTS), San Diego, CA, USA.","DOI":"10.1109\/CTS.2013.6567202"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s11416-008-0092-2","article-title":"Comparative analysis of various ransomware virii","volume":"6","author":"Gazet","year":"2010","journal-title":"J. Comput. Virol."},{"key":"ref_4","unstructured":"O\u2019Gorman, O., and McDonald, G. (2023, March 08). Ransomware: A Growing Menace, 2012, [online]. Available online: https:\/\/www.banadersanlat.com\/wp-content\/uploads\/2012\/12\/ransomware-a-growing-menace.pdf."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1361-3723(16)30036-7","article-title":"Ransomware: To pay or not to pay?","volume":"2016","author":"Everett","year":"2016","journal-title":"J. Comput. Fraud. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions","volume":"74","author":"Maarof","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1016\/j.compeleceng.2017.10.012","article-title":"Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics","volume":"66","author":"Cabaj","year":"2018","journal-title":"J. Comput. Electr. Eng."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Paik, J., Choi, J., Jin, R., Wang, J., and Cho, E. (2018, January 15\u201319). A Storage-level Detection Mechanism against Crypto-Ransomware. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3278491"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1286","DOI":"10.1109\/TIFS.2017.2787905","article-title":"Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection","volume":"13","author":"Chen","year":"2017","journal-title":"J. IEEE Trans. Inf. Forensics Secur."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1016\/j.compeleceng.2019.03.012","article-title":"Ransomware detection and mitigation using software-defined networking: The case of WannaCry","volume":"76","author":"Akbanov","year":"2019","journal-title":"J. Comput. Electr. Eng."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"203","DOI":"10.4236\/wjet.2015.33C030","article-title":"Design of Quantification Model for Ransom Ware Prevent","volume":"3","author":"Kim","year":"2015","journal-title":"World J. Eng. Technol."},{"key":"ref_12","first-page":"2946735","article-title":"The Effective Ransomware Prevention Technique using Process monitoring on Android Platform","volume":"2016","author":"Song","year":"2016","journal-title":"J. Mob. Inf. Syst."},{"key":"ref_13","unstructured":"Nieuwenhuizen, D. (2022, September 15). A Behavioural-Based Approach to Ransomware Detection. Available online: https:\/\/labs.f-secure.com\/assets\/resourceFiles\/mwri-behavioural-ransomware-detection-2017-04-5.pdf."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Ahmadian, M.M., Shahriari, H.R., and Ghaffarian, S.M. (2015, January 8\u201310). Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares. Proceedings of the 2015 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), Rasht, Iran.","DOI":"10.1109\/ISCISC.2015.7387902"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"102377","DOI":"10.1016\/j.cose.2021.102377","article-title":"Differential Area Analysis for Ransomware Attack Detection within Mixed File Datasets","volume":"108","author":"Davies","year":"2021","journal-title":"J. Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"5973285","DOI":"10.1155\/2018\/5973285","article-title":"Oblivious Transfer via Lossy Encryption from Lattice-Based Cryptography","volume":"2018","author":"Li","year":"2018","journal-title":"J. Wirel. Commun. Mob. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"290","DOI":"10.46586\/tosc.v2018.i3.290-310","article-title":"On the Boomerang Uniformity of Cryptographic Sboxes","volume":"2018","author":"Boura","year":"2018","journal-title":"J. IACR Trans. Symmetric Cryptol."},{"key":"ref_18","unstructured":"NIST (2021, January 11). A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, Available online: http:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-22r1a.pdf."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"3999","DOI":"10.1109\/TIT.2019.2900716","article-title":"Expressions for the Entropy of Basic Discrete Distributions","volume":"65","author":"Mahdi","year":"2019","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_20","first-page":"2999","article-title":"Golay Code Based Bit Mismatch Mitigation for Wireless Channel Impulse Response Based Secrecy Generation","volume":"7","author":"Shen","year":"2018","journal-title":"IEEE Access"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1016\/j.physe.2014.11.005","article-title":"Control of the entanglement between triple quantum dot molecule and its spontaneous emission fields via quantum entropy","volume":"67","author":"Sahrai","year":"2015","journal-title":"Phys. E Low-Dimens. Syst. Nanostructures"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., and Boyle, M. (2018). Recommendation for the Entropy Sources Used for Random Bit Generation, NIST DRAFT Special Publication 800-90B.","DOI":"10.6028\/NIST.SP.800-90B"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Guo, X., Liu, R., Li, P., Cheng, C., Wu, M., and Guo, Y. (2018). Enhancing Extractable Quantum Entropy in Vacuum-Based Quantum Random Number Generator. J. Entropy, 20.","DOI":"10.20944\/preprints201810.0571.v1"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Martin, H., Martin-Holgado, P., Peris-Lopez, P., Morilla, Y., and Entrena, L. (2018). On the Entropy of Oscillator-Based True Random Number Generators under Ionizing Radiation. Entropy, 20.","DOI":"10.3390\/e20070513"},{"key":"ref_25","unstructured":"Timothy, M., Julian, J., Paul, W., and Teo, S. (2019). Communications in Computer and Information Science, Springer."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/978-3-030-30143-9_11","article-title":"Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services. Presented at the Pervasive Systems, Algorithms and Networks","volume":"Volume 1080","author":"Lee","year":"2019","journal-title":"Communications in Computer and Information Science"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/6\/3023\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:52:12Z","timestamp":1760122332000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/6\/3023"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,10]]},"references-count":26,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2023,3]]}},"alternative-id":["s23063023"],"URL":"https:\/\/doi.org\/10.3390\/s23063023","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,10]]}}}