Using Software-Defined Networking for Ransomware Mitigation: the Case of CryptoWall
Krzysztof Cabaj, Wojciech Mazurczyk

TL;DR
This paper explores how Software-Defined Networking (SDN) can be used to detect and mitigate CryptoWall ransomware in real time, offering a promising approach that maintains network performance.
Contribution
It introduces two real-time mitigation methods for CryptoWall ransomware using SDN and demonstrates an efficient, practical SDN-based system with experimental validation.
Findings
The SDN-based system effectively detects CryptoWall behavior.
Mitigation methods operate in real time without significant network performance impact.
Experimental results confirm the approach's feasibility and efficiency.
Abstract
Currently, different forms of ransomware are increasingly threatening Internet users. Modern ransomware encrypts important user data and it is only possible to recover it once a ransom has been paid. In this paper we show how Software-Defined Networking (SDN) can be utilized to improve ransomware mitigation. In more detail, we analyze the behavior of popular ransomware - CryptoWall - and, based on this knowledge, we propose two real-time mitigation methods. Then we designed the SDN-based system, implemented using OpenFlow, which facilitates a timely reaction to this threat, and is a crucial factor in the case of crypto ransomware. What is important is that such a design does not significantly affect overall network performance. Experimental results confirm that the proposed approach is feasible and efficient.
