R-Sentry: Deception based ransomware detection using file access patterns. (October 2022)
- Record Type:
- Journal Article
- Title:
- R-Sentry: Deception based ransomware detection using file access patterns. (October 2022)
- Main Title:
- R-Sentry: Deception based ransomware detection using file access patterns
- Authors:
- Sheen, Shina
Asmitha, K A
Venkatesan, Sridhar
- Abstract:
- Highlights: Exponential increase in ransomware attacks indicates that the current detection mechanisms can still be bypassed. Most of the techniques developed use a reactive approach to detection which is based on responding to events after they have happened. Since ransomware attacks are dealing with sensitive data and the encryption process is irreversible unless a ransom is paid, an early warning system which can defend against this type of malware is to be developed. A deception-based method for early detection of ransomware by distributing honey files in various folders based on several criteria depending on the traversal patterns of ransomware is developed.
Abstract: Ransomware has emerged as a major threat to users, resorting to file encryption and system locking, demanding a ransom to release their files. Current mitigation techniques are reactive, leading to the loss of files before ransomware is identified. We propose R-Sentry, a lightweight and real-time solution using honey files as deception, for the early detection of crypto ransomware. Honey files are disseminated throughout the filesystem, which if accessed, will alert the detection system leading to proactive termination of the ransomware process before encryption begins. Determining the optimal placement of honey files within a file system is challenging. R Sentry determines the optimal placement of honey files across various folders by analyzing the file traversal patterns of existing and future ransomware variants. Empirically we show that ransomware samples that follow several identified traversal patterns are immediately detected. In particular, for a scenario with 10 folders comprising 80 files, the number of honey files placed in folders was as few as 15.
Graphical abstract: R Sentry: Deception based Ransomware detection using File access patterns.
- Is Part Of:
- Computers & electrical engineering. Volume 103(2022)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 103(2022)
- Issue Display:
- Volume 103, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 103
- Issue:
- 2022
- Issue Sort Value:
- 2022-0103-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-10
- Subjects:
- Ransomware detection -- File traversal -- File access criteria -- Deception -- Honey file
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2022.108346
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24061.xml