Preventing Ransomware Attacks Through File System Filter Drivers

Abstract : Over the last years ransomware attacks have been widely spreading over the Internet, indiscriminately targeting home users as well as corporates and public agencies. Several approaches have been proposed to analyze and detect ransomware intrusions in literature, moving from combined heuristics, behavior analysis, sandbox-based solutions and machine learning techniques to function calls monitoring. Our approach differs from the above by shifting the focus from removing the problem to mitigating damages, to ensure data availability despite malware attacks. The aim is not to detect new ransomware samples, but simply to protect integrity and availability of private data. In other words, we interfere with ransomware usual behavior, intercepting I/O request packets and denying operations on user's valuable data.
Document type :
Conference papers
Complete list of metadatas

Cited literature [4 references]  Display  Hide  Download

https://hal.inria.fr/hal-01925958
Contributor : Marie-France Sagot <>
Submitted on : Sunday, November 18, 2018 - 4:25:57 PM
Last modification on : Tuesday, November 20, 2018 - 1:17:53 AM
Long-term archiving on : Tuesday, February 19, 2019 - 12:56:24 PM

File

paper-08.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01925958, version 1

Collections

Citation

Giovanni Bottazzi, Giuseppe Italiano, Domenico Spera. Preventing Ransomware Attacks Through File System Filter Drivers. Second Italian Conference on Cyber Security, 2018, Milan, Italy. ⟨hal-01925958⟩

Share

Metrics

Record views

77

Files downloads

216