TY  - JOUR
A2  - Sharma, Vishal
AU  - Wang, ZiHan
AU  - Liu, ChaoGe
AU  - Qiu, Jing
AU  - Tian, ZhiHong
AU  - Cui, Xiang
AU  - Su, Shen
PY  - 2018
DA  - 2018/12/06
TI  - Automatically Traceback RDP-Based Targeted Ransomware Attacks
SP  - 7943586
VL  - 2018
AB  - Although various ransomware defense systems have been proposed to deal with traditional randomly spreading ransomware attacks (based on their unique high-noise behaviors at hosts and on networks), none of them considered ransomware attacks precisely aiming at specific hosts, e.g., using the common Remote Desktop Protocol (RDP). To address this problem, we propose a systematic method to fight such specifically targeted ransomware by trapping attackers via a network deception environment and then using traceback techniques to identify attack sources. In particular, we developed various monitors in the proposed deception environment to gather traceable clues about attackers, and we further design an analysis system that automatically extracts and analyzes the collected clues. Our evaluations show that the proposed method can trap the adversary in the deception environment and significantly improve the efficiency of clue analysis. Furthermore, it also helps us trace back RDP-based ransomware attackers and ransomware makers in the practical applications.
SN  - 1530-8669
UR  - https://doi.org/10.1155/2018/7943586
DO  - 10.1155/2018/7943586
JF  - Wireless Communications and Mobile Computing
PB  - Hindawi
KW  - 
ER  - 