Title: Dynamic deception-based technique for crypto-ransomware detection

Authors: Kiruthika Jagannathan; Shina Sheen

Addresses: Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Tamil Nadu, 641004, India; Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Tamil Nadu, 641004, India

Abstract: Recently, deception techniques have attracted substantial attention in the research community and are emerging as a proactive attack detection and defence mechanism against ransomware. We have contributed a tool that thwarts crypto-ransomware action in a Linux environment, using a file-based dynamic deception mechanism. This tool deploys and monitors decoy files in minimal locations in the file system by taking into consideration existing ransomware behaviour and file traversal patterns. It also dynamically deploys new decoys or updates existing ones in response to legitimate file system changes, ensuring that any ransomware begins its encryption on a monitored decoy, effectively neutralising the threat. We assessed our tool using a few existing Linux ransomware samples and newly created ones, as detailed in the experimental evaluation. The results indicate that the tool can thwart the crypto-ransomware samples at an early stage of encryption, as they begin encryption from a monitored decoy, thus saving original files.

Keywords: ransomware; Linux; deception; decoy; encryption.

DOI: 10.1504/IJSN.2024.143778

International Journal of Security and Networks, 2024 Vol.19 No.4, pp.210 - 223

Received: 25 Feb 2024
Accepted: 13 Nov 2024

Published online: 06 Jan 2025
