The rapid growth of cryptocurrencies
The rapid growth of cryptocurrencies has created room for pseudo-anonymous transactions, which has made it easy for hackers to blackmail others by encrypting their sensitive data and demanding a ransom. The impact of recent ransomware attacks has shown notable losses and harm to the economy and society across different sectors, from local government to health care units. Today, most ransomware uses Bitcoin for payments. Even though Bitcoin transactions are recorded permanently and are available to the public, the available tools for detecting ransomware activity are not efficient enough, since they depend only on a few heuristics or on a long, tiresome process of gathering information. This essay analyzes recent advances in Topological Data Analysis that provide an efficient and tractable data analytics system which automatically discovers suspicious addresses belonging to a ransomware family using limited information about previous transactions. The new system also detects newly emerging ransomware families, that is, ransomware that has no record of previous transactions.
Ransomware can be defined as a virus that is meant to harm or illegally gain access to a computer system, take hold of someone’s sensitive data and demand a ransom from them. Ransomware can either block or encrypt the victim’s data, preventing them from accessing their resources. Ransomware can infect computer systems, IoT devices and mobile devices. It can be spread through web-based vulnerabilities or email attachments, but recently it has been distributed through mass exploits. Earlier ransomware used hard-coded IPs and domains, but recent ransomware reaches a hidden command and control server through anonymous networks like Tor.
Ransomware can be detected by analyzing five things that help to examine its behaviour on the Bitcoin blockchain. These are: the features that can be extracted from the Bitcoin network to predict ransomware payments; whether a ransomware family manifests corresponding behaviour over time on the Bitcoin blockchain; the similarity in the actions of distinct ransomware operators on the Bitcoin blockchain; discovering ransom payments made in Bitcoin that are not reported to blockchain data analytics companies or law enforcement agencies; and lastly, discovering newly emerging ransomware families on the Bitcoin blockchain based on the previously existing families. Two primary research problems are formulated to analyze the five things: predicting unrevealed payments made to the addresses of ransomware families, and detecting a newly emerging ransomware family.
The two research questions are addressed using four existing baseline methods and a Topological Data Analysis method that gives good results. The first method is the naïve similarity search, where the addresses in a particular time window t are taken and their pairwise cosine similarity is computed to the ransomware addresses that are known from the past l days. The second is the use of co-spending and transition heuristics, which evaluate data on inputs and addresses to detect whether they belong to the same user. The third method is the use of clustering, both DBSCAN and hierarchical. DBSCAN can mark outlier points that lie alone in lower-density areas as noise. In hierarchical clustering, k-means clustering and Forgy mechanism-based current seed selection are used. The fourth method is the tree-based approach, where extreme gradient boosting trees and random forest are used to apply gradient boosting to decision trees and to estimate dependent variables by ensembling different simple decision trees. Lastly, there is Topological Data Analysis, which systematically analyzes data patterns like flares and cycles, measured at different resolution scales.
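The naïve similarity search described above can be sketched as follows. This is an added example, not code from the essay or from the system it discusses; the address names, family labels, three-element feature vectors and the 0.95 threshold are constructed assumptions.

```python
import math
from collections import namedtuple

# Constructed sample data: (day, address, feature vector). The three feature
# values are hypothetical per-address transaction statistics.
Obs = namedtuple("Obs", "day address features")
OBSERVATIONS = [
    Obs(10, "addr_A", (1.0, 0.2, 3.0)),
    Obs(11, "addr_B", (0.1, 5.0, 0.3)),
    Obs(12, "addr_C", (2.1, 0.4, 6.1)),   # nearly parallel to addr_A
    Obs(12, "addr_D", (4.0, 4.0, 0.1)),
    Obs(12, "addr_E", (0.0, 0.0, 0.0)),   # zero-vector edge case
]
# Constructed labels: address -> ransomware family (placeholder names).
KNOWN = {"addr_A": "family_1", "addr_B": "family_2"}

def cosine(u, v):
    """Cosine similarity; 0.0 when either vector has zero norm."""
    nu = math.sqrt(sum(x * x for x in u))
    nv = math.sqrt(sum(x * x for x in v))
    if nu == 0.0 or nv == 0.0:
        return 0.0
    return sum(a * b for a, b in zip(u, v)) / (nu * nv)

def similarity_search(observations, known, t, l, threshold=0.95):
    """Flag addresses seen on day t that resemble known ransomware addresses
    from days t-l .. t-1. Returns {address: (family, similarity)}."""
    past = [o for o in observations
            if t - l <= o.day < t and o.address in known]
    flagged = {}
    for cand in (o for o in observations if o.day == t):
        if cand.address in known:
            continue  # already labelled, nothing to predict
        # Best-matching known address; the default covers an empty lookback.
        best = max(((cosine(cand.features, p.features), known[p.address])
                    for p in past), default=(0.0, None))
        if best[1] is not None and best[0] >= threshold:
            flagged[cand.address] = (best[1], best[0])
    return flagged

if __name__ == "__main__":
    print(similarity_search(OBSERVATIONS, KNOWN, t=12, l=2))
```

Shrinking l drops older labelled addresses from the comparison set, so the same candidate can go unflagged, which is the sensitivity to limited history that this baseline has.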
Recent developments in technology have resulted in a rise in cybercrime, which affects the Bitcoin blockchain. Ransomware can be detected by studying its behaviour on the Bitcoin blockchain. The methods used to examine this issue are based on baseline methods and Topological Data Analysis. Recent advancements in Topological Data Analysis have improved the efficiency of ransomware detection.