OutletGuarder: Detecting DarkSide Ransomware by Power Factor Correction Signals in an Electrical Outlet

2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS) (2023)

Ransomware is a kind of computer malware that has spread widely in recent years, such as DarkSide, which spread around the world recently. It’s reported that DarkSide extorted $90 million in nine months. It extorts ransom from users by encrypting user files and other methods, causing huge economic losses to users, including commercial organizations and individuals. Existing ransomware detection methods include host-based methods and network-based methods. However, these methods are either hard to deploy or can be evaded. In this paper, we propose OutletGuarder, a non-intrusive detection method against DarkSide ransomware based on the signal generated by the Power Factor Correction module of the host computer’s power supply in electrical outlets, which carries the power consumption information of the host computer during the execution of DarkSide. By utilizing the power consumption variation among different programs, especially the power consumption caused by frequent encryption and I/O operations during the execution of DarkSide, OutletGuarder achieves a detection F1 Score of 97.50%. The impact of classification models and untrained programs, as well as model transferability and robustness, are evaluated.
Side channel monitoring, ransomware detection, power factor correction signal