Real-time open-file backup system with machine-learning detection model for ransomware

Regular Contribution, International Journal of Information Security

Abstract

The recent rapid increase in ransomware attacks has heightened threat levels for various targets, including critical infrastructure. Traditional signature-based detection methods are effective against known ransomware but struggle to address unknown and obfuscated attacks. Furthermore, in current machine-learning-based detection approaches, files are at risk of encryption during the detection time, i.e., the time taken from detection of the ransomware to its termination. In response to these issues, this study proposes the Real-time Open-File Backup System (ROFBS), which aims to minimize encryption damage by performing immediate backups upon file opening detection. We conduct three experiments to evaluate the effectiveness of ROFBS. First, we measure the backup ratio during ransomware attacks and find consistently high backup rates for ROFBS. Second, we analyze detection time trends and find that longer detection times correlate with an increase in encrypted files. Third, we measure central processing unit, memory, and disk input/output usage. Results indicate that the impact of ROFBS on normal system performance is minimal. These experiments not only quantitatively demonstrate the effectiveness of ROFBS but also highlight the importance of considering detection time in future research. The results of this study suggest that ROFBS can enhance defense against ransomware attacks and ensure data security.
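To make the abstract's two measurements concrete, here is an added toy model of the open-file backup idea (illustration only, not the ROFBS implementation or the authors' code): a hook snapshots a file's content on the open event, a stand-in ransomware encrypts one file per tick, and detection terminates it after `detection_time` ticks; the file names, contents and the XOR "cipher" are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class OpenFileBackupModel:
    files: dict                                  # path -> current bytes on disk
    originals: dict                              # path -> pristine bytes (ground truth)
    backup_enabled: bool = True
    backups: dict = field(default_factory=dict)  # path -> snapshot taken on open
    encrypted: set = field(default_factory=set)

    def on_open(self, path: str) -> None:
        """Backup hook: snapshot content at open time, before any write lands."""
        if self.backup_enabled and path not in self.backups:
            self.backups[path] = self.files[path]

    def ransomware_encrypts(self, path: str) -> None:
        """One encryption step: the process opens the file, then overwrites it."""
        self.on_open(path)
        # XOR is a placeholder for the real cipher; only "content is lost" matters.
        self.files[path] = bytes(b ^ 0x5A for b in self.files[path])
        self.encrypted.add(path)

    def restore(self) -> int:
        """Restore encrypted files from snapshots; return how many match the original."""
        recovered = 0
        for path in self.encrypted:
            if path in self.backups:
                self.files[path] = self.backups[path]
                if self.files[path] == self.originals[path]:
                    recovered += 1
        return recovered


def simulate(num_files: int, detection_time: int, backup_enabled: bool = True) -> dict:
    """Encrypt one file per tick until detection terminates the process."""
    originals = {f"doc{i}.txt": f"constructed content {i}".encode() for i in range(num_files)}
    model = OpenFileBackupModel(dict(originals), originals, backup_enabled)
    for path in list(originals)[:detection_time]:   # attacker runs for detection_time ticks
        model.ransomware_encrypts(path)
    encrypted = len(model.encrypted)
    backed_up = sum(1 for p in model.encrypted if p in model.backups)
    return {
        "encrypted": encrypted,                                   # grows with detection time
        "backup_ratio": backed_up / encrypted if encrypted else 1.0,
        "recovered": model.restore(),
    }
```

Running `simulate` with increasing `detection_time` reproduces the abstract's second finding (more files encrypted before termination), while `backup_ratio` stays at 1.0 as long as the hook fires on every open.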



Notes

  1. FPR is 0% and FNR is 0% in all algorithms.


Acknowledgements

This work was supported in part by JSPS KAKENHI Grant Number 23K11108.

Corresponding author

Correspondence to Kosuke Higuchi.


Cite this article

Higuchi, K., Kobayashi, R. Real-time open-file backup system with machine-learning detection model for ransomware. Int. J. Inf. Secur. 24, 54 (2025). https://doi.org/10.1007/s10207-024-00966-1

  • DOI: https://doi.org/10.1007/s10207-024-00966-1