Cyber Security and Digital Forensics

CYBER SECURITY AND DIGITAL FORENSICS

CYBER SECURITY IS AN INCREDIBLY IMPORTANT ISSUE THAT IS CONSTANTLY CHANGING, WITH NEW METHODS, PROCESSES, AND TECHNOLOGIES COMING ONLINE ALL THE TIME. BOOKS LIKE THIS ARE INVALUABLE TO PROFESSIONALS WORKING IN THIS AREA, TO STAY ABREAST OF ALL OF THESE CHANGES.Current cyber threats are getting more complicated and advanced with the rapid evolution of adversarial techniques. Networked computing and portable electronic devices have broadened the role of digital forensics beyond traditional investigations into computer crime. The overall increase in the use of computers as a way of storing and retrieving high-security information requires appropriate security measures to protect the entire computing and communication scenario worldwide. Further, with the introduction of the internet and its underlying technology, facets of information security are becoming a primary concern to protect networks and cyber infrastructures from various threats. This groundbreaking new volume, written and edited by a wide range of professionals in this area, covers broad technical and socio-economic perspectives for the utilization of information and communication technologies and the development of practical solutions in cyber security and digital forensics. Not just for the professional working in the field, but also for the student or academic on the university level, this is a must-have for any library. AUDIENCE: Practitioners, consultants, engineers, academics, and other professionals working in the areas of cyber analysis, cyber security, homeland security, national defense, the protection of national critical infrastructures, cyber-crime, cyber vulnerabilities, cyber-attacks related to network systems, cyber threat reduction planning, and those who provide leadership in cyber security management both in public and private sectors MANGESH M. GHONGE, PhD, is currently working at Sandip Institute of Technology and Research Center, Nashik, Maharashtra, India. He authored or co-authored more than 60 published articles in prestigious journals, book chapters, and conference papers. He is also the author or editor of ten books and has organized and chaired many national and international conferences.

SABYASACHI PRAMANIK, PhD, is an assistant professor in the Department of Computer Science and Engineering, Haldia Institute of Technology, India. He earned his doctorate in computer science and engineering from the Sri Satya Sai University of Technology and Medical Sciences, Bhopal, India. He has many publications in various reputed international conferences, journals, and online book chapter contributions and is also serving as the editorial board member of many international journals. He is a reviewer of journal articles in numerous technical journals and has been a keynote speaker, session chair and technical program committee member in many international conferences. He has authored a book on wireless sensor networks and is currently editing six books for multiple publishers, including Scrivener Publishing.

RAMCHANDRA MANGRULKAR, PhD, is an associate professor in the Department of Computer Engineering at SVKM’s Dwarkadas J. Sanghvi College of Engineering, Mumbai, Maharashtra, India. He has published 48 papers and 12 book chapters and presented significant papers at technical conferences. He has also chaired many conferences as a session chair and conducted various workshops and is also a ICSI-CNSS Certified Network Security Specialist. He is an active member on boards of studies in various universities and institutes in India.

DAC-NHUONG LE, PhD, is an associate professor and associate dean at Haiphong University, Vietnam. He earned his MSc and PhD in computer science from Vietnam National University, and he has over 20 years of teaching experience. He has over 50 publications in reputed international conferences, journals and online book chapter contributions and has chaired numerous international conferences. He has served on numerous editorial boards for scientific and technical journals and has authored or edited over 15 books by various publishers, including Scrivener Publishing.

Preface xvii

Acknowledgment xxvii

1 A COMPREHENSIVE STUDY OF SECURITY ISSUES AND RESEARCH CHALLENGES IN DIFFERENT LAYERS OF SERVICE-ORIENTED IOT ARCHITECTURE 1

Ankur O. Bang, Udai Pratap Rao and Amit A. Bhusari

1.1 Introduction and Related Work 2

1.2 IoT: Evolution, Applications and Security Requirements 4

1.2.1 IoT and Its Evolution 5

1.2.2 Different Applications of IoT 5

1.2.3 Different Things in IoT 7

1.2.4 Security Requirements in IoT 8

1.3 Service-Oriented IoT Architecture and IoT Protocol Stack 10

1.3.1 Service-Oriented IoT Architecture 10

1.3.2 IoT Protocol Stack 11

1.3.2.1 Application Layer Protocols 12

1.3.2.2 Transport Layer Protocols 13

1.3.2.3 Network Layer Protocols 15

1.3.2.4 Link Layer and Physical Layer Protocols 16

1.4 Anatomy of Attacks on Service-Oriented IoT Architecture 24

1.4.1 Attacks on Software Service 24

1.4.1.1 Operating System–Level Attacks 24

1.4.1.2 Application-Level Attacks 25

1.4.1.3 Firmware-Level Attacks 25

1.4.2 Attacks on Devices 26

1.4.3 Attacks on Communication Protocols 26

1.4.3.1 Attacks on Application Layer Protocols 26

1.4.3.2 Attacks on Transport Layer Protocols 28

1.4.3.3 Attacks on Network Layer Protocols 28

1.4.3.4 Attacks on Link and Physical Layer Protocols 30

1.5 Major Security Issues in Service-Oriented IoT Architecture 31

1.5.1 Application – Interface Layer 32

1.5.2 Service Layer 33

1.5.3 Network Layer 33

1.5.4 Sensing Layer 34

1.6 Conclusion 35

References 36

2 QUANTUM AND POST-QUANTUM CRYPTOGRAPHY 45

Om Pal, Manoj Jain, B.K. Murthy and Vinay Thakur

2.1 Introduction 46

2.2 Security of Modern Cryptographic Systems 46

2.2.1 Classical and Quantum Factoring of A Large Number 47

2.2.2 Classical and Quantum Search of An Item 49

2.3 Quantum Key Distribution 49

2.3.1 BB84 Protocol 50

2.3.1.1 Proposed Key Verification Phase for BB84 51

2.3.2 E91 Protocol 51

2.3.3 Practical Challenges of Quantum Key Distribution 52

2.3.4 Multi-Party Quantum Key Agreement Protocol 53

2.4 Post-Quantum Digital Signature 53

2.4.1 Signatures Based on Lattice Techniques 54

2.4.2 Signatures Based on Multivariate Quadratic Techniques 55

2.4.3 Hash-Based Signature Techniques 55

2.5 Conclusion and Future Directions 55

References 56

3 ARTIFICIAL NEURAL NETWORK APPLICATIONS IN ANALYSIS OF FORENSIC SCIENCE 59

K.R. Padma and K.R. Don

3.1 Introduction 60

3.2 Digital Forensic Analysis Knowledge 61

3.3 Answer Set Programming in Digital Investigations 61

3.4 Data Science Processing with Artificial Intelligence Models 63

3.5 Pattern Recognition Techniques 63

3.6 ANN Applications 65

3.7 Knowledge on Stages of Digital Forensic Analysis 65

3.8 Deep Learning and Modelling 67

3.9 Conclusion 68

References 69

4 A COMPREHENSIVE SURVEY OF FULLY HOMOMORPHIC ENCRYPTION FROM ITS THEORY TO APPLICATIONS 73

Rashmi Salavi, Dr. M. M. Math and Dr. U. P. Kulkarni

4.1 Introduction 73

4.2 Homomorphic Encryption Techniques 76

4.2.1 Partial Homomorphic Encryption Schemes 77

4.2.2 Fully Homomorphic Encryption Schemes 78

4.3 Homomorphic Encryption Libraries 79

4.4 Computations on Encrypted Data 83

4.5 Applications of Homomorphic Encryption 85

4.6 Conclusion 86

References 87

5 UNDERSTANDING ROBOTICS THROUGH SYNTHETIC PSYCHOLOGY 91

Garima Saini and Dr. Shabnam

5.1 Introduction 91

5.2 Physical Capabilities of Robots 92

5.2.1 Artificial Intelligence and Neuro Linguistic Programming (NLP) 93

5.2.2 Social Skill Development and Activity Engagement 93

5.2.3 Autism Spectrum Disorders 93

5.2.4 Age-Related Cognitive Decline and Dementia 94

5.2.5 Improving Psychosocial Outcomes through Robotics 94

5.2.6 Clients with Disabilities and Robotics 94

5.2.7 Ethical Concerns and Robotics 95

5.3 Traditional Psychology, Neuroscience and Future Robotics 95

5.4 Synthetic Psychology and Robotics: A Vision of the Future 97

5.5 Synthetic Psychology: The Foresight 98

5.6 Synthetic Psychology and Mathematical Optimization 99

5.7 Synthetic Psychology and Medical Diagnosis 99

5.7.1 Virtual Assistance and Robotics 100

5.7.2 Drug Discovery and Robotics 100

5.8 Conclusion 101

References 101

6 AN INSIGHT INTO DIGITAL FORENSICS: HISTORY, FRAMEWORKS, TYPES AND TOOLS 105

G Maria Jones and S Godfrey Winster

6.1 Overview 105

6.2 Digital Forensics 107

6.2.1 Why Do We Need Forensics Process? 107

6.2.2 Forensics Process Principles 108

6.3 Digital Forensics History 108

6.3.1 1985 to 1995 108

6.3.2 1995 to 2005 109

6.3.3 2005 to 2015 110

6.4 Evolutionary Cycle of Digital Forensics 111

6.4.1 Ad Hoc 111

6.4.2 Structured Phase 111

6.4.3 Enterprise Phase 112

6.5 Stages of Digital Forensics Process 112

6.5.1 Stage 1 - 1995 to 2003 112

6.5.2 Stage II - 2004 to 2007 113

6.5.3 Stage III - 2007 to 2014 114

6.6 Types of Digital Forensics 115

6.6.1 Cloud Forensics 116

6.6.2 Mobile Forensics 116

6.6.3 IoT Forensics 116

6.6.4 Computer Forensics 117

6.6.5 Network Forensics 117

6.6.6 Database Forensics 118

6.7 Evidence Collection and Analysis 118

6.8 Digital Forensics Tools 119

6.8.1 X-Ways Forensics 119

6.8.2 SANS Investigative Forensics Toolkit – SIFT 119

6.8.3 EnCase 119

6.8.4 The Sleuth Kit/Autopsy 122

6.8.5 Oxygen Forensic Suite 122

6.8.6 Xplico 122

6.8.7 Computer Online Forensic Evidence Extractor (COFEE) 122

6.8.8 Cellebrite UFED 122

6.8.9 OSForeniscs 123

6.8.10 Computer-Aided Investigative Environment (CAINE) 123

6.9 Summary 123

References 123

7 DIGITAL FORENSICS AS A SERVICE: ANALYSIS FOR FORENSIC KNOWLEDGE 127

Soumi Banerjee, Anita Patil, Dipti Jadhav and Gautam Borkar

7.1 Introduction 127

7.2 Objective 128

7.3 Types of Digital Forensics 129

7.3.1 Network Forensics 129

7.3.2 Computer Forensics 142

7.3.3 Data Forensics 147

7.3.4 Mobile Forensics 149

7.3.5 Big Data Forensics 154

7.3.6 IoT Forensics 155

7.3.7 Cloud Forensics 157

7.4 Conclusion 161

References 161

8 4S FRAMEWORK: A PRACTICAL CPS DESIGN SECURITY ASSESSMENT & BENCHMARKING FRAMEWORK 163

Neel A. Patel, Dhairya A. Parekh, Yash A. Shah and Ramchandra Mangrulkar

8.1 Introduction 164

8.2 Literature Review 166

8.3 Medical Cyber Physical System (MCPS) 170

8.3.1 Difference between CPS and MCPS 171

8.3.2 MCPS Concerns, Potential Threats, Security 171

8.4 CPSSEC vs. Cyber Security 172

8.5 Proposed Framework 173

8.5.1 4S Definitions 174

8.5.2 4S Framework-Based CPSSEC Assessment Process 175

8.5.3 4S Framework-Based CPSSEC Assessment Score Breakdown & Formula 181

8.6 Assessment of Hypothetical MCPS Using 4S Framework 187

8.6.1 System Description 187

8.6.2 Use Case Diagram for the Above CPS 188

8.6.3 Iteration 1 of 4S Assessment 189

8.6.4 Iteration 2 of 4S Assessment 195

8.7 Conclusion 200

8.8 Future Scope 201

References 201

9 ENSURING SECURE DATA SHARING IN IOT DOMAINS USING BLOCKCHAIN 205

Tawseef Ahmed Teli, Rameez Yousuf and Dawood Ashraf Khan

9.1 IoT and Blockchain 205

9.1.1 Public 208

9.1.1.1 Proof of Work (PoW) 209

9.1.1.2 Proof of Stake (PoS) 209

9.1.1.3 Delegated Proof of Stake (DPoS) 210

9.1.2 Private 210

9.1.3 Consortium or Federated 210

9.2 IoT Application Domains and Challenges in Data Sharing 211

9.3 Why Blockchain? 214

9.4 IoT Data Sharing Security Mechanism On Blockchain 216

9.4.1 Double-Chain Mode Based On Blockchain Technology 216

9.4.2 Blockchain Structure Based On Time Stamp 217

9.5 Conclusion 219

References 219

10 A REVIEW OF FACE ANALYSIS TECHNIQUES FOR CONVENTIONAL AND FORENSIC APPLICATIONS 223

Chethana H.T. and Trisiladevi C. Nagavi

10.1 Introduction 224

10.2 Face Recognition 225

10.2.1 Literature Review on Face Recognition 226

10.2.2 Challenges in Face Recognition 228

10.2.3 Applications of Face Recognition 229

10.3 Forensic Face Recognition 229

10.3.1 Literature Review on Face Recognition for Forensics 231

10.3.2 Challenges of Face Recognition in Forensics 233

10.3.3 Possible Datasets Used for Forensic Face Recognition 235

10.3.4 Fundamental Factors for Improving Forensics Science 235

10.3.5 Future Perspectives 237

10.4 Conclusion 238

References 238

11 ROADMAP OF DIGITAL FORENSICS INVESTIGATION PROCESS WITH DISCOVERY OF TOOLS 241

Anita Patil, Soumi Banerjee, Dipti Jadhav and Gautam Borkar

11.1 Introduction 242

11.2 Phases of Digital Forensics Process 244

11.2.1 Phase I - Identification 244

11.2.2 Phase II - Acquisition and Collection 245

11.2.3 Phase III - Analysis and Examination 245

11.2.4 Phase IV - Reporting 245

11.3 Analysis of Challenges and Need of Digital Forensics 246

11.3.1 Digital Forensics Process has following Challenges 246

11.3.2 Needs of Digital Forensics Investigation 247

11.3.3 Other Common Attacks Used to Commit the Crime 248

11.4 Appropriateness of Forensics Tool 248

11.4.1 Level of Skill 248

11.4.2 Outputs 252

11.4.3 Region of Emphasis 252

11.4.4 Support for Additional Hardware 252

11.5 Phase-Wise Digital Forensics Techniques 253

11.5.1 Identification 253

11.5.2 Acquisition 254

11.5.3 Analysis 256

11.5.3.1 Data Carving 257

11.5.3.2 Different Curving Techniques 259

11.5.3.3 Volatile Data Forensic Toolkit Used to Collect and Analyze the Data from Device 260

11.5.4 Report Writing 265

11.6 Pros and Cons of Digital Forensics Investigation Process 266

11.6.1 Advantages of Digital Forensics 266

11.6.2 Disadvantages of Digital Forensics 266

11.7 Conclusion 267

References 267

12 UTILIZING MACHINE LEARNING AND DEEP LEARNING IN CYBESECURITY: AN INNOVATIVE APPROACH 271

Dushyant Kaushik, Muskan Garg, Annu, Ankur Gupta and Sabyasachi Pramanik

12.1 Introduction 271

12.1.1 Protections of Cybersecurity 272

12.1.2 Machine Learning 274

12.1.3 Deep Learning 276

12.1.4 Machine Learning and Deep Learning: Similarities and Differences 278

12.2 Proposed Method 281

12.2.1 The Dataset Overview 282

12.2.2 Data Analysis and Model for Classification 283

12.3 Experimental Studies and Outcomes Analysis 283

12.3.1 Metrics on Performance Assessment 284

12.3.2 Result and Outcomes 285

12.3.2.1 Issue 1: Classify the Various Categories of Feedback Related to the Malevolent Code Provided 285

12.3.2.2 Issue 2: Recognition of the Various Categories of Feedback Related to the Malware Presented 286

12.3.2.3 Issue 3: According to the Malicious Code, Distinguishing Various Forms of Malware 287

12.3.2.4 Issue 4: Detection of Various Malware Styles Based on Different Responses 287

12.3.3 Discussion 288

12.4 Conclusions and Future Scope 289

References 292

13 APPLICATIONS OF MACHINE LEARNING TECHNIQUES IN THE REALM OF CYBERSECURITY 295

Koushal Kumar and Bhagwati Prasad Pande

13.1 Introduction 296

13.2 A Brief Literature Review 298

13.3 Machine Learning and Cybersecurity: Various Issues 300

13.3.1 Effectiveness of ML Technology in Cybersecurity Systems 300

13.3.2 Machine Learning Problems and Challenges in Cybersecurity 302

13.3.2.1 Lack of Appropriate Datasets 302

13.3.2.2 Reduction in False Positives and False Negatives 302

13.3.2.3 Adversarial Machine Learning 302

13.3.2.4 Lack of Feature Engineering Techniques 303

13.3.2.5 Context-Awareness in Cybersecurity 303

13.3.3 Is Machine Learning Enough to Stop Cybercrime? 304

13.4 ML Datasets and Algorithms Used in Cybersecurity 304

13.4.1 Study of Available ML-Driven Datasets Available for Cybersecurity 304

13.4.1.1 KDD Cup 1999 Dataset (DARPA1998) 305

13.4.1.2 NSL-KDD Dataset 305

13.4.1.3 ECML-PKDD 2007 Discovery Challenge Dataset 305

13.4.1.4 Malicious URL’s Detection Dataset 306

13.4.1.5 ISOT (Information Security and Object Technology) Botnet Dataset 306

13.4.1.6 CTU-13 Dataset 306

13.4.1.7 MAWILab Anomaly Detection Dataset 307

13.4.1.8 ADFA-LD and ADFA-WD Datasets 307

13.4.2 Applications ML Algorithms in Cybersecurity Affairs 307

13.4.2.1 Clustering 309

13.4.2.2 Support Vector Machine (SVM) 309

13.4.2.3 Nearest Neighbor (NN) 309

13.4.2.4 Decision Tree 309

13.4.2.5 Dimensionality Reduction 310

13.5 Applications of Machine Learning in the Realm of Cybersecurity 310

13.5.1 Facebook Monitors and Identifies Cybersecurity Threats with ML 310

13.5.2 Microsoft Employs ML for Security 311

13.5.3 Applications of ML by Google 312

13.6 Conclusions 313

References 313

14 SECURITY IMPROVEMENT TECHNIQUE FOR DISTRIBUTED CONTROL SYSTEM (DCS) AND SUPERVISORY CONTROL-DATA ACQUISITION (SCADA) USING BLOCKCHAIN AT DARK WEB PLATFORM 317

Anand Singh Rajawat, Romil Rawat and Kanishk Barhanpurkar

14.1 Introduction 318

14.2 Significance of Security Improvement in DCS and SCADA 322

14.3 Related Work 323

14.4 Proposed Methodology 324

14.4.1 Algorithms Used for Implementation 327

14.4.2 Components of a Blockchain 327

14.4.3 MERKLE Tree 328

14.4.4 The Technique of Stack and Work Proof 328

14.4.5 Smart Contracts 329

14.5 Result Analysis 329

14.6 Conclusion 330

References 331

15 RECENT TECHNIQUES FOR EXPLOITATION AND PROTECTION OF COMMON MALICIOUS INPUTS TO ONLINE APPLICATIONS 335

Dr. Tun Myat Aung and Ni Ni Hla

15.1 Introduction 335

15.2 SQL Injection 336

15.2.1 Introduction 336

15.2.2 Exploitation Techniques 337

15.2.2.1 In-Band SQL Injection 337

15.2.2.2 Inferential SQL Injection 338

15.2.2.3 Out-of-Band SQL Injection 340

15.2.3 Causes of Vulnerability 340

15.2.4 Protection Techniques 341

15.2.4.1 Input Validation 341

15.2.4.2 Data Sanitization 341

15.2.4.3 Use of Prepared Statements 342

15.2.4.4 Limitation of Database Permission 343

15.2.4.5 Using Encryption 343

15.3 Cross Site Scripting 344

15.3.1 Introduction 344

15.3.2 Exploitation Techniques 344

15.3.2.1 Reflected Cross Site Scripting 345

15.3.2.2 Stored Cross Site Scripting 345

15.3.2.3 DOM-Based Cross Site Scripting 346

15.3.3 Causes of Vulnerability 346

15.3.4 Protection Techniques 347

15.3.4.1 Data Validation 347

15.3.4.2 Data Sanitization 347

15.3.4.3 Escaping on Output 347

15.3.4.4 Use of Content Security Policy 348

15.4 Cross Site Request Forgery 349

15.4.1 Introduction 349

15.4.2 Exploitation Techniques 349

15.4.2.1 HTTP Request with GET Method 349

15.4.2.2 HTTP Request with POST Method 350

15.4.3 Causes of Vulnerability 350

15.4.3.1 Session Cookie Handling Mechanism 350

15.4.3.2 HTML Tag 351

15.4.3.3 Browser’s View Source Option 351

15.4.3.4 GET and POST Method 351

15.4.4 Protection Techniques 351

15.4.4.1 Checking HTTP Referer 351

15.4.4.2 Using Custom Header 352

15.4.4.3 Using Anti-CSRF Tokens 352

15.4.4.4 Using a Random Value for each Form Field 352

15.4.4.5 Limiting the Lifetime of Authentication Cookies 353

15.5 Command Injection 353

15.5.1 Introduction 353

15.5.2 Exploitation Techniques 354

15.5.3 Causes of Vulnerability 354

15.5.4 Protection Techniques 355

15.6 File Inclusion 355

15.6.1 Introduction 355

15.6.2 Exploitation Techniques 355

15.6.2.1 Remote File Inclusion 355

15.6.2.2 Local File Inclusion 356

15.6.3 Causes of Vulnerability 357

15.6.4 Protection Techniques 357

15.7 Conclusion 358

References 358

16 RANSOMWARE: THREATS, IDENTIFICATION AND PREVENTION 361

Sweta Thakur, Sangita Chaudhari and Bharti Joshi

16.1 Introduction 361

16.2 Types of Ransomwares 364

16.2.1 Locker Ransomware 364

16.2.1.1 Reveton Ransomware 365

16.2.1.2 Locky Ransomware 366

16.2.1.3 CTB Locker Ransomware 366

16.2.1.4 TorrentLocker Ransomware 366

16.2.2 Crypto Ransomware 367

16.2.2.1 PC Cyborg Ransomware 367

16.2.2.2 OneHalf Ransomware 367

16.2.2.3 GPCode Ransomware 367

16.2.2.4 CryptoLocker Ransomware 368

16.2.2.5 CryptoDefense Ransomware 368

16.2.2.6 CryptoWall Ransomware 368

16.2.2.7 TeslaCrypt Ransomware 368

16.2.2.8 Cerber Ransomware 368

16.2.2.9 Jigsaw Ransomware 369

16.2.2.10 Bad Rabbit Ransomware 369

16.2.2.11 WannaCry Ransomware 369

16.2.2.12 Petya Ransomware 369

16.2.2.13 Gandcrab Ransomware 369

16.2.2.14 Rapid Ransomware 370

16.2.2.15 Ryuk Ransomware 370

16.2.2.16 Lockergoga Ransomware 370

16.2.2.17 PewCrypt Ransomware 370

16.2.2.18 Dhrama/Crysis Ransomware 370

16.2.2.19 Phobos Ransomware 371

16.2.2.20 Malito Ransomware 371

16.2.2.21 LockBit Ransomware 371

16.2.2.22 GoldenEye Ransomware 371

16.2.2.23 REvil or Sodinokibi Ransomware 371

16.2.2.24 Nemty Ransomware 371

16.2.2.25 Nephilim Ransomware 372

16.2.2.26 Maze Ransomware 372

16.2.2.27 Sekhmet Ransomware 372

16.2.3 MAC Ransomware 372

16.2.3.1 KeRanger Ransomware 373

16.2.3.2 Go Pher Ransomware 373

16.2.3.3 FBI Ransom Ransomware 373

16.2.3.4 File Coder 373

16.2.3.5 Patcher 373

16.2.3.6 ThiefQuest Ransomware 374

16.2.3.7 Keydnap Ransomware 374

16.2.3.8 Bird Miner Ransomware 374

16.3 Ransomware Life Cycle 374

16.4 Detection Strategies 376

16.4.1 Unevil 376

16.4.2 Detecting File Lockers 376

16.4.3 Detecting Screen Lockers 377

16.4.4 Connection-Monitor and Connection-Breaker Approach 377

16.4.5 Ransomware Detection by Mining API Call Usage 377

16.4.6 A New Static-Based Framework for Ransomware Detection 377

16.4.7 White List-Based Ransomware Real-Time Detection Prevention (WRDP) 378

16.5 Analysis of Ransomware 378

16.5.1 Static Analysis 379

16.5.2 Dynamic Analysis 379

16.6 Prevention Strategies 380

16.6.1 Access Control 380

16.6.2 Recovery After Infection 380

16.6.3 Trapping Attacker 380

16.7 Ransomware Traits Analysis 380

16.8 Research Directions 384

16.9 Conclusion 384

References 384

Index 389