ETRI-Knowledge Sharing Platform


Details

Journal article: Rcryptect: Real-time Detection of Cryptographic Function in the User-space Filesystem
Cited 8 times in Scopus. Downloaded 141 times.
Authors
이승광, 조남수, 정도영, 강유성, 김명철
Publication date
202201
Source
Computers & Security, v.112, pp.1-13
ISSN
0167-4048
Publisher
Elsevier
DOI
https://dx.doi.org/10.1016/j.cose.2021.102512
Funded project
21ZR1300, Research on Intelligent Cyber Security and Trust Infrastructure Technology, 김익균
Abstract
The existing methods of ransomware detection have limitations. To be specific, static analysis is not effective against obfuscated binaries, while dynamic analysis is usually restricted to a certain platform and often takes tens of minutes. In this paper, we propose a block-level monitoring system to detect potentially malicious cryptographic operations. We carry out statistical analysis to find heuristic rules to distinguish between normal and encrypted blocks. In order to apply the heuristic rule to the filesystem without kernel modification, we adopt Filesystem in Userspace (FUSE) and define our filesystem Rcryptect for real-time detection of cryptographic function. We demonstrate protection against well-known ransomware and show that various cryptographic functions can be detected with about 13% overhead.
KSP suggested keywords
Carry out, Dynamic analysis, Heuristic rules, Monitoring system, Obfuscated Binaries, Statistical Analysis, cryptographic functions, real-time detection, static analysis, user space
This work may be used under the terms of the Creative Commons Attribution - NonCommercial - NoDerivatives (CC BY NC ND) license.