Rcryptect: Real-time detection of cryptographic function in the user-space filesystem
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, Seungkwang | ko |
| dc.contributor.author | Jho, Nam-su | ko |
| dc.contributor.author | Chung, Doyoung | ko |
| dc.contributor.author | Kang, Yousung | ko |
| dc.contributor.author | Kim, Myungchul | ko |
| dc.date.accessioned | 2021-12-07T06:40:42Z | - |
| dc.date.available | 2021-12-07T06:40:42Z | - |
| dc.date.created | 2021-12-07 | - |
| dc.date.created | 2021-12-07 | - |
| dc.date.created | 2021-12-07 | - |
| dc.date.issued | 2022-01 | - |
| dc.identifier.citation | COMPUTERS & SECURITY, v.112 | - |
| dc.identifier.issn | 0167-4048 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/290093 | - |
| dc.description.abstract | The existing methods of ransomware detection have limitations. To be specific, static analysis is not effective to obfuscated binaries, while dynamic analysis is usually restricted to a certain platform and often takes tens of minutes. In this paper, we propose a block level monitoring system to detect potentially malicious cryptographic operations. We carry out statistical analysis to find heuristic rules to distinguish between normal and encrypted blocks. In order to apply the heuristic rule to the filesystem without kernel modification, we adopt Filesystem in Userspace (FUSE) and define our filesystem Rcryptect for real-time detection of cryptographic function. We demonstrate the protection of well-known ransomware and show that various cryptographic functions can be detected with about 13% overhead. (c) 2021 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license ( http://creativecommons.org/licenses/by-nc-nd/4.0/ ) | - |
| dc.language | English | - |
| dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
| dc.title | Rcryptect: Real-time detection of cryptographic function in the user-space filesystem | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000721360300012 | - |
| dc.identifier.scopusid | 2-s2.0-85118573876 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 112 | - |
| dc.citation.publicationname | COMPUTERS & SECURITY | - |
| dc.identifier.doi | 10.1016/j.cose.2021.102512 | - |
| dc.contributor.localauthor | Kim, Myungchul | - |
| dc.contributor.nonIdAuthor | Jho, Nam-su | - |
| dc.contributor.nonIdAuthor | Kang, Yousung | - |
| dc.description.isOpenAccess | N | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Device security | - |
| dc.subject.keywordAuthor | Ransomware | - |
| dc.subject.keywordAuthor | Cryptographic function detection | - |
| dc.subject.keywordAuthor | Entropy | - |
| dc.subject.keywordAuthor | FUSE | - |
| dc.subject.keywordPlus | SOFTWARE-DEFINED NETWORKING | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 7 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.