Data aware defense (DaD): Towards a generic and practical ransomware countermeasure


Abstract

We present the Malware-O-Matic analysis platform and the Data Aware Defense ransomware countermeasure based on real time data gathering with as little impact as possible on system performance. Our solution monitors (and blocks if necessary) file system activity of all userland threads with new indicators of compromise. We successfully detect 99.37% of our 798 active ransomware samples with at most 70 MB lost per sample's thread in 90% of cases, or less than 7 MB in 70% of cases. By a careful analysis of the few false negatives we show that some ransomware authors are specifically trying to hide ongoing encryption. We used free (as in free beer) de facto industry standard benchmarks to evaluate the impact of our solution and enable fair comparisons. In all but the most demanding tests the impact is marginal.

Citation (APA)

Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., & Lanet, J. L. (2017). Data aware defense (DaD): Towards a generic and practical ransomware countermeasure. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10674 LNCS, pp. 192–208). Springer Verlag. https://doi.org/10.1007/978-3-319-70290-2_12
