Publication

Mechanisms for analysis and detection of ransomware in desktop operating systems

Bibliographic details
Abstract: Ransomware attacks have become a danger to computer systems, leading to data loss, monetary losses, and business interruptions. We propose a machine learning-based method for ransomware detection on Linux to identify these attacks. To detect ransomware activity on the system, our approach combines the file system with a predictive model. To obtain sufficient infection information we use the data from the alteration calls to the files on the file system. This data is then fed into a machine-learning algorithm. Using a dataset we collected from uninfected files and files infected with various types of ransomware, we were able to achieve a high detection rate with a low false positive rate. Our methodology can be incorporated into current security programs to improve detection and defense against ransomware attacks in the Linux environment.
Main authors: Santos, Vinicius Belloli dos
Subject: Ransomware; Malware; Cybersecurity; Threat detection; Linux
Year: 2023
Country: Portugal
Document type: master's dissertation
Access type: open access
Associated institution: Instituto Politécnico de Bragança
Language: English
Source: Biblioteca Digital do IPB