RTrap: Trapping and Containing Ransomware With Machine Learning

Gaddisa Olani Ganfure*, Chun Feng Wu, Yuan Hao Chang*, Wei Kuan Shih

*此作品的通信作者

研究成果: Article同行評審

8 引文 斯高帕斯(Scopus)

摘要

With advances in social engineering tricks and other technical shortcomings, ransomware attacks have become a severe cybercrime affecting organizations of all shapes and sizes. Although the security teams are making plenty of ransomware detection tools, the ransomware incident report shows they are ineffective in detecting emerging ransomware attacks. This work presents 'RTrap,' a systematic framework to detect and contain ransomware efficiently and effectively via machine learning-generated deceptive files. Using a data-driven decoy file selection and generation strategy, RTrap plants deceptive decoy files across the directory to lure the ransomware to access it. RTrap also introduced a lightweight decoy watcher to monitor generated decoy files in real time. As the timing of the ransomware attack is not known to the victim in advance, and the ransomware encryption process is speedy, the proposed decoy-watcher executes an automatic/automated response after the detection promptly. The experiment shows that RTrap can detect ransomware with an average 18 file loss per 10311 legitimate user files.

原文English
頁(從 - 到)1433-1448
頁數16
期刊IEEE Transactions on Information Forensics and Security
18
DOIs
出版狀態Published - 2023

指紋

深入研究「RTrap: Trapping and Containing Ransomware With Machine Learning」主題。共同形成了獨特的指紋。

引用此