GuardFS: a File System for Integrated Detection and Mitigation of Linux-based Ransomware
CoRR(2024)
摘要
Although ransomware has received broad attention in media and research, this
evolving threat vector still poses a systematic threat. Related literature has
explored their detection using various approaches leveraging Machine and Deep
Learning. While these approaches are effective in detecting malware, they do
not answer how to use this intelligence to protect against threats, raising
concerns about their applicability in a hostile environment. Solutions that
focus on mitigation rarely explore how to prevent and not just alert or halt
its execution, especially when considering Linux-based samples. This paper
presents GuardFS, a file system-based approach to investigate the integration
of detection and mitigation of ransomware. Using a bespoke overlay file system,
data is extracted before files are accessed. Models trained on this data are
used by three novel defense configurations that obfuscate, delay, or track
access to the file system. The experiments on GuardFS test the configurations
in a reactive setting. The results demonstrate that although data loss cannot
be completely prevented, it can be significantly reduced. Usability and
performance analysis demonstrate that the defense effectiveness of the
configurations relates to their impact on resource consumption and usability.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要