Summary:
Ransomware-as-a-Service represents an increasingly significant threat, allowing malicious individuals without advanced technical expertise to target high-value entities. In this regard, cloud service providers have become primary targets for ransomware attacks due to their management of sensitive data and critical applications. Despite the existence of numerous solutions for detecting ransomware, many are ineffective because they operate within the same operating system as the malware and can thus be evaded or manipulated. Consequently, this work introduces HyperDtct, an innovative approach to collecting system calls at the hypervisor level and employing Machine Learning for ransomware detection. The experiments evaluate various classification and anomaly detection algorithms as well as feature selection techniques, utilizing thirteen benign workloads and eleven ransomware samples (such as Babuk or LockBit Dark). The evaluations demonstrate that HyperDtct can accurately classify the examined samples with a high F1 score of 0.97, distinguishing between benign and malicious entities in less than ten seconds.
Author(s):
Jan von der Assen
Switzerland
Alberto Huertas Celdran
Spain
Jan Marc Lüthi
Switzerland
Jose Maria Jorquera Valero
Spain
Francisco Enguix
Spain
Gerome Bovet
Switzerland
Burkhard Stiller
Switzerland