Ransomware Analysis

Claudia Lanza is currently a Research Fellow at the University of Calabria. After a yearly visting abroad period as PhD student with the TALN group at the University of Nantes, she obtained a PhD title in 2021 in ICT on a thesis focusing on the Semantic control within the Cybersecurity domain. In 2023 she was Visiting Researcher in Nancy at LORIA working on the creation of cyber-attacks classification tools as a means of guaranteeing a monitoring semantic activity in Cybersecurity triaging procedures. Her research interests cover Information Science, Documentation, Information Retrieval, Knowledge organization and representation, and Specialized domain-oriented terminology systematization. In this monograph Claudia Lanza is the author specifically of the whole Chapter 1; for Chapter 2 is the author of Section 2.1; for Chapter 3 is the author of Section 3.2. and Sub-section 3.2.1; for Chapter 4 is the author of Section 4.1. and Sub-sections 4.1.1., 4.1.2, 4.1.2.1, 4.1.2.2, Section 4.2. and Sub-sections 4.2.1, 4.2.2, and Sub-section 4.3.2. Abdelkader Lahmadi is an associate professor in computer science at University of Lorraine, teaching at ENSEM engineering school and doing research at LORIA and Inria in RESIST research team. Abdelkader’s research interests are in the area of cybersecurity and threat analysis in networked systems (IoT, industrial systems, 5G, etc.). More in detail, he is investigating innovative solutions in the area of automated cyber security using AI for anomaly detection, mitigation, and proactive approaches. In this area, he developed and patented a technology, named SCUBA, for discovering in an automated way the attack paths that can be exploited by an attacker through the assets of a given network. He has a Ph.D. and engineering degree in computer science. Since 2018, he has been the head of ISN (Digital Systems Engineers) degree at the ENSEM engineering school in Nancy. He has been scientific director of the LHS (High Security Laboratory) in Nancy since 2020, specializing in experimentation and analysis for cybersecurity research. Throughout his professional career, Abdelkader has contributed to numerous software developments and prototypes to validate his scientific research. He is a co-founder of CYBI, a spin-off of University of Lorraine and Inria focused on automated cybersecurity solutions using AI systems for attack path management. Jérôme François is a senior research scientist at the university of Luxembourg in the research group SEDAN (Service and Data Management) at SnT (https://wwwen.uni.lu/snt/research/sedan) and is an affiliate member of LORIA and INRIA Lab in Nancy, France where he was a researcher and deputy team leader of RESIST team from 2014 to 2023. He received a Ph.D. degree in computer science from the University of Lorraine, France, in December 2009. His area of research is is network and service management but with a focus on security management. He developed a strong scientific expertise and practical experience in the adaptation and application of Machine Learning methods in this area. This covers different topics such as that anomaly detection, phishing prevention, botnet modelling, or honeypot and darknet monitoring as endorsed by his publications. He participated in different national and European projects (SPARTA European Cybersecurity Competence Network, French EPR on cybersecurity , H2020 AI@EDGE, H2020 SecureIoT) and was leading the NATO international research project ThreatPredict. He developed strong partnerships with industries (e.g. Orange, Thales) and academia (joint teams with University of Waterloo in Canada and Osaka in Japan). He is a core member of network and service management community by taking several responsibilities regarding conference organization and by leading IRTF Network Management Research Group (NMRG). He is the co-founder of Cybi (https://www.cybi.fr/), a cybersecurity startup built on top of research results regarding attack path management. In this monograph Abdelkader Lahmadi and Jérôme François are the authors specifically of the whole Chapter 2 except for just Section 2.1; for Chapter 3 are the authors of Section 3.1, and Sub-sections 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, Section 3.3. 3.3. and Sub-sections 3.3.1, 3.3.2 ; for Chapter 4 are the authors of Sub-section 4.1.2.3, Section 4.3 and Sub-section 4.3.1. The three authors jointly collaborated for the Preface and Conclusion sections.

Foreword. Preface. Authors. List of Figures. List of Tables. 1. Classification and knowledge representation. 2. Cyber threat knowledge. 3. Building a ransomware knowledge base. 4. Semantic modelling and knowledge classification. 5. Conclusion. Bibliography.