research-article

Sentinel: ransomware detection in file storage

Authors:

Cornel Constantinescu,

Sangeetha SeshadriAuthors Info & Claims

SYSTOR '21: Proceedings of the 14th ACM International Conference on Systems and Storage

Article No.: 28, Page 1

https://doi.org/10.1145/3456727.3463834

Published: 14 June 2021 Publication History

Get Access

Abstract

Ransomware is software that uses encryption to disable access to data until a ransom is paid and such attacks have increased steeply in recent times. The best current practice to minimize the impact of ransomware attacks include periodic backups and airgapped immutable copies. However, undetected attacks can corrupt data before backups, making backups unusable. Detecting ransomware attacks quickly and flagging the damaged content enables fast recovery and business continuity. We present some features of our ransomware attack detection algorithms prototyped and run on a sandboxed but realistic environment that successfully detected the live ransomware attacks from open source repositories.

References

[1]

Cyber Florida at University of South Florida. 2021. Research Shows a 715% Increase in Ransomware Attacks in 2020. https://cyberflorida.org/covid/bitfender

Google Scholar

[2]

Eric Hibbard. 2020. Ransomware - Is it the Ultimate Malware?. In SDC 20: Storage Developer Conference. SNIA.

Google Scholar

[3]

Amin Kharraz and Engin Kirda. 2017. Redemption: Real-Time Protection Against Ransomware at End-Hosts. In RAID 2017: Research in Attacks, Intrusions, and Defenses. Springer, Cham, 98--119.

Google Scholar

[4]

Daniel Morato, Eduardo Berrueta, Eduardo Magaña, and Mikel Izal. 2018. Ransomware early detection by the analysis of file sharing traffic. Journal of Network and Computer Applications 124, June (2018), 14--32.

Crossref

Google Scholar

[5]

IBM QRadar SIEM. 2020. Gartner Magic Quadrant for SIEM. https://www.ibm.com/products/qradar-siem

Google Scholar

[6]

Splunk. 2021. Wikipedia. https://en.wikipedia.org/wiki/Splunk

Google Scholar

Cited By

View all

Gómez Hernández JGarcía Teodoro PMagán Carrión RRodríguez Gómez R(2023)Crypto-Ransomware: A Revision of the State of the Art, Advances and ChallengesElectronics10.3390/electronics1221449412:21(4494)Online publication date: 1-Nov-2023
https://doi.org/10.3390/electronics12214494
Denham BThompson D(2022)Ransomware and Malware Sandboxing2022 IEEE 13th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)10.1109/UEMCON54665.2022.9965664(0173-0179)Online publication date: 26-Oct-2022
https://doi.org/10.1109/UEMCON54665.2022.9965664

Index Terms

Sentinel: ransomware detection in file storage
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information
IoTDI '21: Proceedings of the International Conference on Internet-of-Things Design and Implementation

The concept of Internet of Things (IoT) has changed the way we live by integrating commodity devices with cyberspace to automate our everyday tasks. Nowadays, IoT devices in the home environment are becoming ubiquitous with seamless connectivity and ...
SENTINEL

A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intent, pose ...
WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

The fast spreading worm is becoming one of the most serious threats to today's networked information systems. A fast spreading worm could infect hundreds of thousands of hosts within a few minutes. In order to stop a fast spreading worm, we need the ...

Comments

Information & Contributors

Information

Published In

SYSTOR '21: Proceedings of the 14th ACM International Conference on Systems and Storage

June 2021

226 pages

ISBN:9781450383981

DOI:10.1145/3456727

General Chairs:
Bruno Wassermann
IBM Research - Haifa, Israel
,
Michal Malka
IBM Research - Haifa, Israel
,
Program Chairs:
Vijay Chidambaram
University of Texas at Austin/VMWare Research
,
Danny Raz
Technion - Israel Institute of Technology, Israel

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Technion: Israel Institute of Technology
USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

SYSTOR '21

Sponsor:

SIGOPS

SYSTOR '21: The 14th ACM International Systems and Storage Conference

June 14 - 16, 2021

Haifa, Israel

Acceptance Rates

SYSTOR '21 Paper Acceptance Rate 18 of 63 submissions, 29%;

Overall Acceptance Rate 108 of 323 submissions, 33%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
233
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)2

Reflects downloads up to 11 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Gómez Hernández JGarcía Teodoro PMagán Carrión RRodríguez Gómez R(2023)Crypto-Ransomware: A Revision of the State of the Art, Advances and ChallengesElectronics10.3390/electronics1221449412:21(4494)Online publication date: 1-Nov-2023
https://doi.org/10.3390/electronics12214494
Denham BThompson D(2022)Ransomware and Malware Sandboxing2022 IEEE 13th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)10.1109/UEMCON54665.2022.9965664(0173-0179)Online publication date: 26-Oct-2022
https://doi.org/10.1109/UEMCON54665.2022.9965664

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information

SENTINEL

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations