2023
DOI: 10.1109/access.2023.3279819

Detection of Ransomware Attacks Using Processor and Disk Usage Data

Abstract: Ransomware often evades antivirus tools, encrypts files, and renders the target computer and its data unusable. The current approaches to detect such ransomware include monitoring processes, system calls, and file activities on the target system and analyzing the data collected. Monitoring multiple processes has a very high overhead; newer ransomware may interfere with the monitoring and corrupt the collected data. This paper presents a robust and practical approach to detecting ransomware in execution on a vi…

Cited by 11 publications
(6 citation statements)
References 34 publications
“…The field of deep learning-powered malware detection encompasses various challenges and solutions [118][119][120][121][122][123]. One significant challenge is handling 0-day attacks, as deep learning models traditionally rely on historical data and struggle against novel, unseen threats [124][125][126][127][128].…”
Section: Open Challenges (mentioning)
confidence: 99%
“…Particularly, studies have shown that ransomware frequently encrypts files using advanced algorithms and communicates with remote servers for instructions or data transmission [1]. This dynamic scrutiny has been instrumental in formulating more effective incident response strategies by identifying unique characteristics and tactics of ransomware, including evasion techniques to bypass traditional security measures [34,35]. Additionally, the analysis has played a crucial role in tracking the evolution of ransomware, highlighting how these threats adapt and find new ways to evade detection [36,37].…”
Section: Ransomware Dynamic Analysis (mentioning)
confidence: 99%
“…This method monitors changes in files and directories during an attack, helping identify specific encryption techniques [40]. Hardware statistics such as CPU Hardware Performance Counters (HPCs) are also utilized to detect anomalous patterns indicative of ransomware, as encryption processes typically lead to a spike in CPU usage [5,40,39,34]. Memory usage analysis is another critical aspect, in which by examining the memory footprint and access patterns of processes, it is possible to detect ransomware that encrypts files in memory before writing to disk, identifying more sophisticated, in-memory encryption techniques [35,36].…”
Section: Ransomware Dynamic Analysis (mentioning)
confidence: 99%