Detecting Ransomware Execution in a Timely Manner

01/12/2022
by   Anthony Melaragno, et al.
0

Ransomware has been an ongoing issue since the early 1990s. In recent times ransomware has spread from traditional computational resources to cyber-physical systems and industrial controls. We devised a series of experiments in which virtual instances are infected with ransomware. We instrumented the instances and collected resource utilization data across a variety of metrics (CPU, Memory, Disk Utility). We design a change point detection and learning method for identifying ransomware execution. Finally we evaluate and demonstrate its ability to detect ransomware efficiently in a timely manner when trained on a minimal set of samples. Our results represent a step forward for defense, and we conclude with further remarks for the path forward.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset