Loading [a11y]/accessibility-menu.js
Blacklist vs. Whitelist-Based Ransomware Solutions | IEEE Journals & Magazine | IEEE Xplore

Blacklist vs. Whitelist-Based Ransomware Solutions


Abstract:

Ransomware, which is one type of malware, encrypts a user's files on a device and then requires the user to pay a ransom to recover the damaged files. The amount of ranso...Show More

Abstract:

Ransomware, which is one type of malware, encrypts a user's files on a device and then requires the user to pay a ransom to recover the damaged files. The amount of ransomware is growing so rapidly that it constituted more than 70% of the malware found in 2017. Although many ransomware solutions have been released, similar to traditional antimalware solutions, most ransomware solutions are designed based on a blacklist that includes the code signatures of known ransomware. However, such blacklist-based solutions cannot prevent unknown ransomware, which may be either new or a variation of an existing ransomware. Another solution is to continuously monitor the abnormal behavior of every software program running on a user's device. To do so, some solutions monitor the executing programs that access the files stored on a device, while other solutions specify a folder as a safe folder and control executing programs when they access the objects in the folder. However, these solutions can degrade the performances of devices or inconvenience users. This article presents a new solution to detect/prevent ransomware using a whitelist. We analyze the file operation procedures of a user-device operating system and then implement a whitelist-based access control as a partial file operation procedure. Since the solution utilizes a whitelist and not a blacklist, it does not need to patch in the information on new ransomware regularly provided by a ransomware solution provider. Therefore, it can prevent both unknown and future ransomware in real time.
Published in: IEEE Consumer Electronics Magazine ( Volume: 9, Issue: 3, 01 May 2020)
Page(s): 22 - 28
Date of Publication: 02 April 2020

ISSN Information:

Funding Agency:


References

References is not available for this document.