Название: Ransomware Analysis: Knowledge Extraction and Classification for Advanced Cyber Threat Intelligence
Автор: Claudia Lanza, Abdelkader Lahmadi, Jérôme François
Издательство: CRC Press
Год: 2025
Страниц: 113
Язык: английский
Формат: pdf (true), epub
Размер: 10.1 MB

This book presents the development of a classification scheme to organize and represent ransomware threat knowledge through the implementation of an innovative methodology centered around the semantic annotation of domain-specific source documentation. By combining principles from Computer Science, document management, and semantic data processing, the research establishes an innovative framework to organize ransomware data extracted from specialized source texts in a systematic classification system.

Through detailed chapters, the book explores the process of applying semantic annotation to a specialized corpus comprising CVE prose descriptions linked to known ransomware threats. This approach not only organizes but also deeply analyzes these descriptions, uncovering patterns and vulnerabilities within ransomware operations. The book presents a pioneering methodology that integrates CVE descriptions with ATT&CK frameworks, significantly refining the granularity of threat intelligence.

The insights gained from a pattern-based analysis of vulnerability-related documentation are structured into a hierarchical model within an ontology framework, enhancing the capability for predictive operations. This model prepares cybersecurity professionals to anticipate and mitigate risks associated with new vulnerabilities as they are cataloged in the CVE list, by identifying recurrent characteristics tied to specific ransomware and related vulnerabilities.

Recent works on ransomware classification have been published based on the implementation of multiple Machine Learning algorithms or static analysis by transforming the opcode sequences of ransomware into N-grams. Cybersecurity knowledge graphs and frameworks provide structured representations of cyber threat data, relationships, and intelligence. They facilitate a deeper understanding of threats, vulnerabilities, and attack patterns, aiding in cybersecurity defense strategies. The construction of CKGs usually starts with developing a cybersecurity ontology, from which semantic triples are extracted to form the backbone of the knowledge graph. This approach is widely adopted across studes aiming to provide a structured and semantically rich representation of cybersecurity information. Recent advancements in CKG development have focused on discovering hidden cybersecurity patterns through hierarchical clustering, highlighting the technologies frequently exploited in cyber-attacks.

With real-world examples, this book empowers its readers to implement these methodologies in their environments, leading to improved prediction and prevention strategies in the face of growing ransomware challenges.








[related-news] [/related-news]