Ransomware attacks can be mentioned among the most critical cyber threats, which negatively impact organizations’ financial and reputational losses globally. The standard procedures for detecting ransomware may fail to meet the emerging and complex strategies used by the attackers, which raises the need for elaborate and pre-emptive protection measures. The application of UEBA is proposed and examined in this research to meet this crucial need. UEBA gives richer information based on the patterns of users, the applications they use and also other entities. As a result, it gives early sign of Indicators of Compromise (IoC) of any ransomware operation. The research aims to develop a new framework for UEBA-driven early ransomware detection and prevention using machine learning at its core. This approach is aimed at providing quick reaction during the periods, in which the ransomware is active, and at the same time putting into practice the measures necessary for containment of the situation. This study rests on secondary data research that presents an understanding of ransomware attack vectors, behavior baseline development, and detection of anomalies indicative of malicious activity using advanced algorithms. It also focuses on the importance of UEBA in preventing ransomware and provides a practical and efficient way for organizations to improve the cyber security infrastructure, as advanced and sophisticated cyber threats continue to evolve in the current age.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Leveraging User Entity Behavior Analytics for Advanced Ransomware Detection and Protection

  • Nilotpal Roy,
  • T. N. Nisha

摘要

Ransomware attacks can be mentioned among the most critical cyber threats, which negatively impact organizations’ financial and reputational losses globally. The standard procedures for detecting ransomware may fail to meet the emerging and complex strategies used by the attackers, which raises the need for elaborate and pre-emptive protection measures. The application of UEBA is proposed and examined in this research to meet this crucial need. UEBA gives richer information based on the patterns of users, the applications they use and also other entities. As a result, it gives early sign of Indicators of Compromise (IoC) of any ransomware operation. The research aims to develop a new framework for UEBA-driven early ransomware detection and prevention using machine learning at its core. This approach is aimed at providing quick reaction during the periods, in which the ransomware is active, and at the same time putting into practice the measures necessary for containment of the situation. This study rests on secondary data research that presents an understanding of ransomware attack vectors, behavior baseline development, and detection of anomalies indicative of malicious activity using advanced algorithms. It also focuses on the importance of UEBA in preventing ransomware and provides a practical and efficient way for organizations to improve the cyber security infrastructure, as advanced and sophisticated cyber threats continue to evolve in the current age.