ETRI-Knowledge Sharing Platform

Details

Journal article: Rcryptect: Real-time Detection of Cryptographic Function in the User-space Filesystem
Authors
이승광, 조남수, 정도영, 강유성, 김명철
Publication date
202201
Source
Computers & Security, v.112, pp.1-13
ISSN
0167-4048
Publisher
Elsevier
DOI
https://dx.doi.org/10.1016/j.cose.2021.102512
Funded project
21ZR1300, Research on Intelligent Cyber Security and Trust Infrastructure Technology, 김익균
Abstract
The existing methods of ransomware detection have limitations. To be specific, static analysis is not effective against obfuscated binaries, while dynamic analysis is usually restricted to a certain platform and often takes tens of minutes. In this paper, we propose a block-level monitoring system to detect potentially malicious cryptographic operations. We carry out statistical analysis to find heuristic rules to distinguish between normal and encrypted blocks. In order to apply the heuristic rule to the filesystem without kernel modification, we adopt Filesystem in Userspace (FUSE) and define our filesystem Rcryptect for real-time detection of cryptographic function. We demonstrate the protection against well-known ransomware and show that various cryptographic functions can be detected with about 13% overhead.
Keywords
Cryptographic function detection, Device security, Entropy, FUSE, Ransomware
KSP suggested keywords
Carry out, Cryptographic Function Detection, Dynamic analysis, Heuristic rules, Monitoring system, Obfuscated Binaries, Statistical Analysis, device security, real-time detection, static analysis, user space