ETRI-Knowledge Sharing Platform


Journal Article Rcryptect: Real-time Detection of Cryptographic Function in the User-space Filesystem
Cited 11 times in Scopus; downloaded 246 times
Authors
Seungkwang Lee, Nam-su Jho, Doyoung Chung, Yousung Kang, Myungchul Kim
Issue Date
2022-01
Citation
Computers & Security, v.112, pp.1-13
ISSN
0167-4048
Publisher
Elsevier
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1016/j.cose.2021.102512
Abstract
The existing methods of ransomware detection have limitations. To be specific, static analysis is not effective against obfuscated binaries, while dynamic analysis is usually restricted to a certain platform and often takes tens of minutes. In this paper, we propose a block-level monitoring system to detect potentially malicious cryptographic operations. We carry out statistical analysis to find heuristic rules to distinguish between normal and encrypted blocks. In order to apply the heuristic rule to the filesystem without kernel modification, we adopt Filesystem in Userspace (FUSE) and define our filesystem Rcryptect for real-time detection of cryptographic function. We demonstrate the protection against well-known ransomware and show that various cryptographic functions can be detected with about 13% overhead.
KSP Keywords
Carry out, Dynamic analysis, Heuristic rules, Monitoring system, Obfuscated Binaries, Real-Time detection, Statistical Analysis, cryptographic functions, static analysis, user space
This work is distributed under the terms of the Creative Commons License (CCL)
(CC BY NC ND)