RESUMEN
Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target's data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many crypto-ransomware detection techniques is to monitor file system activity and attempt to identify encrypted files being written to disk, often using a file's entropy as an indicator of encryption. However, often in the description of these techniques, little or no discussion is made as to why a particular entropy calculation technique is selected or any justification given as to why one technique is selected over the alternatives. The Shannon method of entropy calculation is the most commonly-used technique when it comes to file encryption identification in crypto-ransomware detection techniques. Overall, correctly encrypted data should be indistinguishable from random data, so apart from the standard mathematical entropy calculations such as Chi-Square (χ2), Shannon Entropy and Serial Correlation, the test suites used to validate the output from pseudo-random number generators would also be suited to perform this analysis. The hypothesis being that there is a fundamental difference between different entropy methods and that the best methods may be used to better detect ransomware encrypted files. The paper compares the accuracy of 53 distinct tests in being able to differentiate between encrypted data and other file types. The testing is broken down into two phases, the first phase is used to identify potential candidate tests, and a second phase where these candidates are thoroughly evaluated. To ensure that the tests were sufficiently robust, the NapierOne dataset is used. This dataset contains thousands of examples of the most commonly used file types, as well as examples of files that have been encrypted by crypto-ransomware. During the second phase of testing, 11 candidate entropy calculation techniques were tested against more than 270,000 individual files-resulting in nearly three million separate calculations. The overall accuracy of each of the individual test's ability to differentiate between files encrypted using crypto-ransomware and other file types is then evaluated and each test is compared using this metric in an attempt to identify the entropy method most suited for encrypted file identification. An investigation was also undertaken to determine if a hybrid approach, where the results of multiple tests are combined, to discover if an improvement in accuracy could be achieved.
RESUMEN
The common technique to hermetically fill prepared root canals involves the use of "standardised" gutta-percha cones that are selected to fit the apical portion of the prepared canal space. These gutta-percha cones are manufactured to conform to a standard size and taper which should correspond to the size and taper of standard root canal instruments. Clinical observation of commercially available gutta-percha cones seemed to indicate that there is wide variation in the diameter and taper of "standardised" gutta-percha cones within the size range 25-35. The present study was undertaken to determine how closely current commercially available gutta-percha cones sizes 25, 30 and 35 conformed to the current ISO standard, and was initiated by the above clinical observation. It was not the purpose of this study to compare the results from different brands or manufacturers, but rather to establish whether commercially available gutta-percha cones collectively conformed to expected standardised sizes. One phial of cones for each of the sizes 25, 30 and 35 of eight different brands was selected for examination. The diameter of each of ten cones for each size from each brand was measured at two points, at 1 mm and at 6 mm from the tip of the cone. The results obtained for each size and each brand were tabulated and compared with ISO 6877:1995 for dental root canal obturating cones. This study demonstrated wide variability for cones from all brands, for all sizes, when individual cones of the same size were compared. While collectively the arithmetic means showed a closer correlation to the ISO Standard, irrespective of the brand size of the cone, or whether the cone was measured at 1 mm or 6 mm, many individual cones showed a great variation from the ideal. The need for less variability is discussed. It is concluded that ISO standard 6877:1995 is inappropriate- and allows for too much variation in the size of "standardised" gutta-percha cones.