On Tracking Ransomware on the File System

Luigi Catuogno, Clemente Galdi

2022

Abstract

Ransomware detection is gaining growing importance in the scientific literature because of widespread and economic impact of this type of malware. A successful ransomware detection system must identify a malicious behaviour as soon as possible while reducing false positive detection. To this end, different strategies have been explored. Recently, a promising approach has risen. It consists in looking for possible running ransomware by measuring the different activities every process does on the filesystem. Such measurements are represented with quantitative “indicators”. Indicators selection and their interpretation, is a critical and challenging task. In this paper we survey some of most representative file-system centered ransomware detectors and describe their chosen behavioural indicators and strategies used to measure them. Then we compare the different solutions and discuss pros, cons and open issues of every approach.

Paper Citation

in Harvard Style

Catuogno L. and Galdi C. (2022). On Tracking Ransomware on the File System. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 210-219. DOI: 10.5220/0010985000003120

in Bibtex Style

@conference{icissp22,
author={Luigi Catuogno and Clemente Galdi},
title={On Tracking Ransomware on the File System},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={210-219},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010985000003120},
isbn={978-989-758-553-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - On Tracking Ransomware on the File System
SN - 978-989-758-553-1
AU - Catuogno L.
AU - Galdi C.
PY - 2022
SP - 210
EP - 219
DO - 10.5220/0010985000003120