ABSTRACT
Behavioural analysis based on filesystem operations is one of the most promising approaches for the detection of ransomware. Nonetheless, tracking all the operations on all the files for all the processes can introduce a significant overhead on the monitored system. We present MUSTARD, a solution that dynamically adapts the degree of monitoring for each process based on its behaviour, reducing the monitoring resources spent on benign processes.
Index Terms
- Poster: MUSTARD - Adaptive Behavioral Analysis for Ransomware Detection