1st Edition

Ransomware Analysis Knowledge Extraction and Classification for Advanced Cyber Threat Intelligence

    112 Pages 47 B/W Illustrations
    by CRC Press

    This book presents the development of a classification scheme to organize and represent ransomware threat knowledge through the implementation of an innovative methodology centred around the semantic annotation of domain-specific source documentation. By combining principles from computer science, document management, and semantic data processing, the research establishes an innovative framework to organize ransomware data extracted from specialized source texts in a systematic classification system.


    Through detailed chapters, the book explores the process of applying semantic annotation to a specialized corpus comprising CVE prose descriptions linked to known ransomware threats. This approach not only organizes but also deeply analyzes these descriptions, uncovering patterns and vulnerabilities within ransomware operations.  The book presents a pioneering methodology that integrates CVE descriptions with ATT&CK frameworks, significantly refining the granularity of threat intelligence.


    The insights gained from a pattern-based analysis of vulnerability-related documentation are structured into a hierarchical model within an ontology framework, enhancing the capability for predictive operations. This model prepares cybersecurity professionals to anticipate and mitigate risks associated with new vulnerabilities as they are cataloged in the CVE list, by identifying recurrent characteristics tied to specific ransomware and related vulnerabilities.


    With real-world examples, this book empowers its readers to implement these methodologies in their environments, leading to improved prediction and prevention strategies in the face of growing ransomware challenges.


    Foreword. Preface. Authors. List of Figures. List of Tables. 1. Classification and knowledge representation. 2. Cyber threat knowledge. 3. Building a ransomware knowledge base. 4. Semantic modelling and knowledge classification. 5. Conclusion. Bibliography.


    Claudia Lanza is currently a Research Fellow at the University of Calabria. After a yearly
    Visting abroad period as PhD student with the TALN group at the University of Nantes,
    she obtained a PhD title in 2021 in ICT on a thesis focusing on the Semantic control
    within the Cybersecurity domain. In 2023 she was Visiting Researcher in Nancy at LORIA
    working on the creation of cyber-attacks classification tools as means of guaranteeing a
    monitoring semantic activity in Cybersecurity triaging procedures. Her research interests
    cover Information Science, Documentation, Information Retrieval, Knowledge organization
    and representation, and Specialized domain-oriented terminology systematization.

    Abdelkader Lahmadi is an associate professor in computer science at University of Lorraine,
    teaching at ENSEM engineering school and doing research at LORIA and Inria in
    RESIST research team. Abdelkader’s research interests are in the area of cybersecurity and
    threat analysis in networked systems (IoT, industrial systems, 5G etc.). More in detail, he
    is investigating innovative solutions in the area of automated cyber security using AI for
    anomaly detection, mitigation and proactive approaches. In this area, he developed and
    patented a technology, named SCUBA, for discovering in an automated way the attack
    paths that can be exploited by an attacker through the assets of a given network. He has a
    Ph.D. and engineering degree in computer science. Since 2018, he is the head of ISN (Digital
    Systems Engineers) degree at the ENSEM engineering school in Nancy. He is the scientific
    director of the LHS (High Security Laboratory) in Nancy since 2020, specializing in experimentation and analysis for cybersecurity research. Throughout his professional career,
    Abdelkader has contributed to numerous software developments and prototypes to validate
    his scientific research. He is a co-founder of CYBI, a spin-off of University of Lorraine and
    Inria focused on automated cybersecurity solutions using AI systems for attack path management.

    Jérôme François is a senior research scientist at the university of Luxembourg
    in the research group SEDAN (Service and Data Management) at SnT (https://wwwen.uni.lu/snt/research/sedan) and is an affiliate member of LORIA and INRIA
    Lab in Nancy, France where he was a researcher and deputy team leader of RESIST
    team from 2014 to 2023. He received a Ph.D. degree in computer science from the University
    of Lorraine, France, in December 2009. His area of research is is network and service
    management but with a focus on security management. He developed a strong scientific
    expertise and practical experience in the adaptation and application of Machine Learning
    methods in this area. This covers different topics such that anomaly detection, phishing
    prevention, botnet modelling or honeypot and darknet monitoring as endorsed by his publications.
    He participated in different national and European projects (SPARTA European Cybersecurity Competence Network, French PEPR on cybersecurity , H2020 AI@EDGE,
    H2020 SecureIoT) and was leading the NATO international research project ThreatPredict.
    He developed strong partnerships with industries (e.g. Orange, Thales) and academia (joint
    teams with University of Waterloo in Canada and Osaka in Japan). He is a core member
    of network and service management community by taking several responsibilities regarding
    conference organization and by leading IRTF Network Management Research Group
    (NMRG). He is the co-founder of Cybi (https://www.cybi.fr/), a cybersecurity startup
    built on top of research results regarding attack path management.