Leveraging eBPF and AI for Ransomware Nose Out
- URL: http://arxiv.org/abs/2406.14020v1
- Date: Thu, 20 Jun 2024 06:35:15 GMT
- Title: Leveraging eBPF and AI for Ransomware Nose Out
- Authors: Arjun Sekar, Sameer G. Kulkarni, Joy Kuri
- Abstract summary: We propose a two-phased approach for real-time detection and deterrence of ransomware.
We leverage the capabilities of eBPF and artificial intelligence to develop both proactive and reactive methods.
Our solution achieves 99.76% accuracy in identifying ransomware incidents within a few seconds of the onset of zero-day attacks.
- Score: 0.9012198585960441
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In this work, we propose a two-phased approach for real-time detection and deterrence of ransomware. To achieve this, we leverage the capabilities of eBPF (Extended Berkeley Packet Filter) and artificial intelligence to develop both proactive and reactive methods. In the first phase, we utilize signature-based detection, where we employ custom eBPF programs to trace the execution of new processes and perform hash-based analysis against a known ransomware dataset. In the second, we employ a behavior-based technique that focuses on monitoring process activities using a custom eBPF program and on the creation of ransom notes, a prominent indicator of ransomware activity, through the use of Natural Language Processing (NLP). By leveraging the low-level tracing capabilities of eBPF and integrating NLP-based machine learning algorithms, our solution achieves 99.76% accuracy in identifying ransomware incidents within a few seconds of the onset of zero-day attacks.
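The two phases described in the abstract (hash check at process execution, then behavioral monitoring plus ransom-note detection) can be sketched as the user-space half of such a system. The block below is an added example, not the paper's code: the event stream is constructed to stand in for what an eBPF program attached to execve/write/rename hooks would forward to user space, the known-bad hash set is a placeholder, the thresholds are assumed, and a word-boundary keyword scorer stands in for the paper's NLP classifier.

```python
"""Two-phase ransomware detection logic fed by eBPF-style process events.

Added example (not the paper's code). Events are CONSTRUCTED to stand in for
what an eBPF program on execve/write/rename hooks would forward to user space.
The hash set, thresholds and keyword scorer are assumptions for illustration.
"""
import hashlib
import math
import os
import re
from collections import defaultdict
from dataclasses import dataclass

# --- Phase 1: hash-based signature check at process execution ---------------
# Assumed known-bad set; a deployment would load SHA-256 digests of catalogued
# ransomware binaries here.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed ransomware binary").hexdigest()}


def phase1_signature_match(exe_bytes: bytes) -> bool:
    """True when the SHA-256 of a newly exec'd binary is a known ransomware hash."""
    return hashlib.sha256(exe_bytes).hexdigest() in KNOWN_BAD_SHA256


# --- Phase 2a: ransom-note detection ----------------------------------------
# Keyword scorer standing in for the paper's NLP classifier (assumption).
RANSOM_TERMS = ("encrypted", "decrypt", "bitcoin", "wallet", "ransom",
                "payment", "tor", "deadline", "restore", "private key")


def ransom_note_score(text: str) -> float:
    """Fraction of the ransom vocabulary present, matched on word boundaries."""
    lowered = text.lower()
    hits = sum(1 for term in RANSOM_TERMS
               if re.search(r"\b" + re.escape(term) + r"\b", lowered))
    return hits / len(RANSOM_TERMS)


def is_ransom_note(text: str, threshold: float = 0.4) -> bool:
    return ransom_note_score(text) >= threshold


# --- Phase 2b: per-process file-activity behaviour --------------------------
def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8, natural-language text near 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class FileEvent:
    pid: int
    op: str             # "write", "rename" or "create"
    path: str
    data: bytes = b""   # payload for write/create events
    new_path: str = ""  # target name for rename events


class BehaviorMonitor:
    """Aggregates per-PID indicators; verdict fires once thresholds are crossed."""

    def __init__(self, entropy_threshold=7.0, min_enc_writes=3, min_renames=2):
        self.entropy_threshold = entropy_threshold
        self.min_enc_writes = min_enc_writes
        self.min_renames = min_renames
        self.stats = defaultdict(lambda: {"enc_writes": 0, "renames": 0, "notes": 0})

    def observe(self, ev: FileEvent):
        s = self.stats[ev.pid]
        if ev.op == "write" and shannon_entropy(ev.data) >= self.entropy_threshold:
            s["enc_writes"] += 1   # high-entropy write: likely ciphertext
        elif ev.op == "rename" and os.path.splitext(ev.path)[1] != os.path.splitext(ev.new_path)[1]:
            s["renames"] += 1      # extension changed, e.g. .docx -> .locked
        elif ev.op == "create" and is_ransom_note(ev.data.decode("utf-8", "replace")):
            s["notes"] += 1        # dropped a file that reads like a ransom note
        return self.verdict(ev.pid)

    def verdict(self, pid: int):
        s = self.stats[pid]
        if s["notes"] >= 1 and s["enc_writes"] >= 1:
            return "ransomware: ransom note dropped after encrypted writes"
        if s["enc_writes"] >= self.min_enc_writes and s["renames"] >= self.min_renames:
            return "ransomware: mass high-entropy rewrite with extension change"
        return None


def run_detector(events):
    """Feed a trace through the monitor; return {pid: verdict or None}."""
    mon = BehaviorMonitor()
    for ev in events:
        mon.observe(ev)
    return {pid: mon.verdict(pid) for pid in mon.stats}


# --- Constructed sample trace (not real telemetry) --------------------------
ENCRYPTED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
PLAINTEXT = b"Quarterly report: revenue grew in every region this year. " * 40
RANSOM_NOTE_TEXT = ("ALL YOUR FILES HAVE BEEN ENCRYPTED! To decrypt them pay 0.5 Bitcoin to the "
                    "wallet below before the deadline. Contact us over Tor to restore your data.")
BENIGN_README_TEXT = "Build with make and run the tests with pytest before opening a pull request."


def build_sample_trace():
    docs = ["/home/alice/docs/budget.xlsx", "/home/alice/docs/thesis.docx", "/home/alice/docs/photo.jpg"]
    evil, benign = [], []
    for p in docs:
        evil.append(FileEvent(4242, "write", p, data=ENCRYPTED_BLOB))
        evil.append(FileEvent(4242, "rename", p, new_path=p + ".locked"))
    evil.append(FileEvent(4242, "create", "/home/alice/docs/README_DECRYPT.txt", data=RANSOM_NOTE_TEXT.encode()))
    benign.append(FileEvent(100, "write", "/home/alice/report.txt", data=PLAINTEXT))
    benign.append(FileEvent(100, "rename", "/home/alice/report.txt", new_path="/home/alice/report.bak"))
    benign.append(FileEvent(100, "create", "/home/alice/proj/README.md", data=BENIGN_README_TEXT.encode()))
    return benign + evil


if __name__ == "__main__":
    print("phase 1 hit:", phase1_signature_match(b"constructed ransomware binary"))
    for pid, v in run_detector(build_sample_trace()).items():
        print(pid, v)
```

In a real deployment the kernel side would be a bcc or libbpf program on the `syscalls:sys_enter_execve` tracepoint (for phase 1) and kprobes on functions such as `vfs_write` and `vfs_rename` (for phase 2), forwarding events through a ring buffer; copying write payloads out of eBPF for entropy scoring is expensive, so practical implementations sample or score only the first few hundred bytes. Two caveats a practitioner should weigh against the 99.76% figure: the hash check misses any repacked or recompiled sample, and entropy heuristics raise false positives on legitimately compressed or encrypted output (archives, JPEGs, backup tools), which is why the ransom-note signal is combined with the write pattern rather than used alone.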
Related papers
- NLP-Based .NET CLR Event Logs Analyzer [0.0]
We present a tool for analyzing .NET CLR event logs based on a novel method inspired by the Natural Language Processing (NLP) approach.
We utilize a BERT-based architecture with an enhanced tokenization process customized to event logs.
Our experiments demonstrate the efficacy of our approach in compressing event sequences, detecting recurring patterns, and identifying anomalies.
arXiv Detail & Related papers (2025-02-06T17:01:38Z)
- A Sysmon Incremental Learning System for Ransomware Analysis and Detection [1.495391051525033]
In the face of increasing cyber threats, particularly ransomware attacks, there is a pressing need for advanced detection and analysis systems.
Most existing proposals leverage non-incremental learning approaches that require the underlying models to be retrained from scratch to detect new ransomware.
This approach is problematic because it leaves sensitive data vulnerable to attack during retraining, as newly emerging ransomware strains may go undetected until the model is updated.
We present the Sysmon Incremental Learning System for Analysis and Detection (SILRAD), which enables continuous updates to the underlying model and effectively closes the training gap.
arXiv Detail & Related papers (2025-01-02T06:22:58Z)
- Ransomware Detection Using Machine Learning in the Linux Kernel [0.0]
Linux-based cloud environments have become lucrative targets for ransomware attacks.
We propose leveraging the extended Berkeley Packet Filter (eBPF) to collect system call information regarding active processes and infer about the data directly at the kernel level.
arXiv Detail & Related papers (2024-09-10T12:17:23Z)
- UniForensics: Face Forgery Detection via General Facial Representation [60.5421627990707]
High-level semantic features are less susceptible to perturbations and not limited to forgery-specific artifacts, thus having stronger generalization.
We introduce UniForensics, a novel deepfake detection framework that leverages a transformer-based video network, with a meta-functional face classification for enriched facial representation.
arXiv Detail & Related papers (2024-07-26T20:51:54Z)
- FOBNN: Fast Oblivious Binarized Neural Network Inference [12.587981899648419]
We develop a fast oblivious binarized neural network inference framework, FOBNN.
Specifically, we customize binarized convolutional neural networks to enhance oblivious inference, design two fast algorithms for binarized convolutions, and optimize network structures experimentally under constrained costs.
arXiv Detail & Related papers (2024-05-06T03:12:36Z)
- Interpretable Machine Learning for Detection and Classification of Ransomware Families Based on API Calls [5.340730281227837]
This research work utilizes the frequencies of different API calls to detect and classify ransomware families.
A WebCrawler is developed to automate collecting the Windows Portable Executable PE files of 15 different ransomware families.
Logistic Regression can efficiently classify ransomware into their corresponding families, achieving 99.15% accuracy.
arXiv Detail & Related papers (2022-10-16T15:54:45Z)
- A2Log: Attentive Augmented Log Anomaly Detection [53.06341151551106]
Anomaly detection becomes increasingly important for the dependability and serviceability of IT services.
Existing unsupervised methods need anomaly examples to obtain a suitable decision boundary.
We develop A2Log, which is an unsupervised anomaly detection method consisting of two steps: Anomaly scoring and anomaly decision.
arXiv Detail & Related papers (2021-09-20T13:40:21Z)
- A black-box adversarial attack for poisoning clustering [78.19784577498031]
We propose a black-box adversarial attack for crafting adversarial samples to test the robustness of clustering algorithms.
We show that our attacks are transferable even against supervised algorithms such as SVMs, random forests, and neural networks.
arXiv Detail & Related papers (2020-09-09T18:19:31Z)
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
- Process Discovery for Structured Program Synthesis [70.29027202357385]
A core task in process mining is process discovery which aims to learn an accurate process model from event log data.
In this paper, we propose to use (block-) structured programs directly as target process models.
We develop a novel bottom-up agglomerative approach to the discovery of such structured program process models.
arXiv Detail & Related papers (2020-08-13T10:33:10Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy, precision, recall, and a low false-alarm rate.
arXiv Detail & Related papers (2020-08-05T19:29:35Z)