Data Aware Defense (DaD): Towards a Generic and Practical Ransomware Countermeasure

Abstract: We present the Malware-O-Matic analysis platform and the Data Aware Defense (DaD) ransomware countermeasure, based on real-time data gathering with as little impact as possible on system performance. Our solution monitors (and blocks if necessary) the file system activity of all userland threads using new indicators of compromise. We successfully detect 99.37% of our 798 active ransomware samples, with at most 70 MB lost per sample's thread in 90% of cases, or less than 7 MB in 70% of cases. Through a careful analysis of the few false negatives we show that some ransomware authors are specifically trying to hide ongoing encryption. We used free (as in free beer) de facto industry standard benchmarks to evaluate the impact of our solution and to enable fair comparisons. In all but the most demanding tests the impact is marginal.
Keywords: Ransomware
Document type: Conference paper
NordSec2017 - Nordic Conference on Secure IT Systems, Nov 2017, Tartu, Estonia. 2017

Cited literature: 6 references

https://hal-imt-atlantique.archives-ouvertes.fr/hal-01814009
Contributor: Hélène Le Bouder
Submitted on: Tuesday 12 June 2018 - 17:27:56
Last modified on: Thursday 15 November 2018 - 11:58:59
Document(s) archived on: Friday 14 September 2018 - 00:41:13

File

palisse-nordsec.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01814009, version 1

Citation

Aurélien Palisse, Antoine Durand, Hélène Le Bouder, Colas Le Guernic, Jean-Louis Lanet. Data Aware Defense (DaD): Towards a Generic and Practical Ransomware Countermeasure. NordSec2017 - Nordic Conference on Secure IT Systems, Nov 2017, Tartu, Estonia. 2017. 〈hal-01814009〉

Metrics

Record views

210

File downloads

110