Rcryptect: Real-time detection of cryptographic function in the user-space filesystem

Existing methods of ransomware detection have limitations. Specifically, static analysis is not effective against obfuscated binaries, while dynamic analysis is usually restricted to a certain platform and often takes tens of minutes. In this paper, we propose a block-level monitoring system to detect potentially malicious cryptographic operations. We carry out statistical analysis to find heuristic rules that distinguish between normal and encrypted blocks. To apply the heuristic rules to the filesystem without kernel modification, we adopt Filesystem in Userspace (FUSE) and define our filesystem, Rcryptect, for real-time detection of cryptographic functions. We demonstrate protection against well-known ransomware and show that various cryptographic functions can be detected with about 13% overhead. © 2021 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Publisher
ELSEVIER ADVANCED TECHNOLOGY
Issue Date
2022-01
Language
English
Article Type
Article
Citation

COMPUTERS & SECURITY, v.112

ISSN
0167-4048
DOI
10.1016/j.cose.2021.102512
URI
http://hdl.handle.net/10203/290093
Appears in Collection
CS-Journal Papers
Files in This Item
There are no files associated with this item.
