Open Repository for the Evaluation of Ransomware Detection Tools

• Published in: IEEE access Vol. 8; pp. 65658 - 65669
• Main Authors: Berrueta, Eduardo, Morato, Daniel, Magana, Eduardo, Izal, Mikel
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 2020; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Algorithms; Encryption; Malware; open repository; Ransomware; Repositories; Servers; Strain; traffic analysis
• ISSN: 2169-3536; 2169-3536
• DOI: 10.1109/ACCESS.2020.2984187

Crypto-ransomware is a type of malware that encrypts user files, deletes the original data, and asks for ransom to recover the hijacked documents. Several articles have presented detection techniques for this type of malware; these techniques are applied before the ransomware encrypts files or during its action in an infected host. The evaluation of these proposals has always been accomplished using sets of ransomware samples that are prepared locally for the research article, without making the data available. Different studies use different sets of samples and different evaluation metrics, resulting in insufficient comparability. In this paper, we describe a public data repository containing the file access operations of more than 70 ransomware samples during the encryption of a large network shared directory. These data have already been used successfully in the evaluation of a network-based ransomware detection algorithm. Now, we are making these data available to the community and describing their details, how they were captured, and how they can be used in the evaluation and comparison of the results of most ransomware detection techniques.