English

Ransomware Detection Using Machine Learning in the Linux Kernel

Cryptography and Security 2024-09-11 v1 Machine Learning
Authors: Adrian Brodzik , Tomasz Malec-Kruszyński , Wojciech Niewolski , Mikołaj Tkaczyk , Krzysztof Bocianiak , Sok-Yen Loui
View on arXiv PDF

Abstract

Linux-based cloud environments have become lucrative targets for ransomware attacks, employing various encryption schemes at unprecedented speeds. Addressing the urgency for real-time ransomware protection, we propose leveraging the extended Berkeley Packet Filter (eBPF) to collect system call information regarding active processes and infer about the data directly at the kernel level. In this study, we implement two Machine Learning (ML) models in eBPF - a decision tree and a multilayer perceptron. Benchmarking latency and accuracy against their user space counterparts, our findings underscore the efficacy of this approach.

Keywords

ransomware detection malware detection spam detection

Cite

@article{arxiv.2409.06452,
  title  = {Ransomware Detection Using Machine Learning in the Linux Kernel},
  author = {Adrian Brodzik and Tomasz Malec-Kruszyński and Wojciech Niewolski and Mikołaj Tkaczyk and Krzysztof Bocianiak and Sok-Yen Loui},
  journal= {arXiv preprint arXiv:2409.06452},
  year   = {2024}
}

Related papers

View all related →
Cryptography and Security · Computer Science
Leveraging eBPF and AI for Ransomware Nose Out
Arjun Sekar, Sameer G. Kulkarni, Joy Kuri
2024-06-21
Cryptography and Security · Computer Science
On the Generalizability of Machine Learning-based Ransomware Detection in Block Storage
Nicolas Reategui, Roman Pletka, Dionysios Diamantopoulos
2024-12-31
Cryptography and Security · Computer Science
Federated Learning Approach for Distributed Ransomware Analysis
Aldin Vehabovic, Hadi Zanddizari, Farook Shaikh, Nasir Ghani +3
2023-06-27
Cryptography and Security · Computer Science
A flow-based IDS using Machine Learning in eBPF
Maximilian Bachl, Joachim Fabini, Tanja Zseby
2022-03-07
Cryptography and Security · Computer Science
Leveraging Machine Learning for Ransomware Detection
Nanda Rani, Sunita Vikrant Dhavale
2022-06-07
Cryptography and Security · Computer Science
Ransomware Classification and Detection With Machine Learning Algorithms
Mohammad Masum, Md Jobair Hossain Faruk, Hossain Shahriar, Kai Qian +2
2022-07-05
Machine Learning · Computer Science
A Survey of Machine Learning Algorithms for Detecting Ransomware Encryption Activity
Erik Larsen, David Noever, Korey MacVittie
2021-10-18
Cryptography and Security · Computer Science
Peeler: Profiling Kernel-Level Events to Detect Ransomware
Muhammad Ejaz Ahmed, Hyoungshick Kim, Seyit Camtepe, Surya Nepal
2021-02-01
Cryptography and Security · Computer Science
Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution
Aldin Vehabovic, Hadi Zanddizari, Nasir Ghani, Farooq Shaikh +3
2023-06-27
Cryptography and Security · Computer Science
Crypto-ransomware detection using machine learning models in file-sharing network scenario with encrypted traffic
Eduardo Berrueta, Daniel Morato, Eduardo Magaña, Mikel Izal
2022-02-16
Cryptography and Security · Computer Science
Ransomware Detection Using Federated Learning with Imbalanced Datasets
Aldin Vehabovic, Hadi Zanddizari, Nasir Ghani, G. Javidi +4
2023-11-15
Cryptography and Security · Computer Science
Towards a Resilient Machine Learning Classifier -- a Case Study of Ransomware Detection
Chih-Yuan Yang, Ravi Sahita
2020-03-17
Cryptography and Security · Computer Science
ROFBS$\alpha$: Real Time Backup System Decoupled from ML Based Ransomware Detection
Kosuke Higuchi, Ryotaro Kobayashi
2025-04-22
Operating Systems · Computer Science
The eBPF Runtime in the Linux Kernel
Bolaji Gbadamosi, Luigi Leonardi, Tobias Pulls, Toke Høiland-Jørgensen +3
2024-10-04
Cryptography and Security · Computer Science
Ransomware threat mitigation through network traffic analysis and machine learning techniques
Ali Mehrban, Shirin Karimi Geransayeh
2024-02-06
Cryptography and Security · Computer Science
Detection of ransomware attacks using federated learning based on the CNN model
Hong-Nhung Nguyen, Ha-Thanh Nguyen, Damien Lescos
2024-05-02
Cryptography and Security · Computer Science
Leveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection
Omar M. K. Alhawi, James Baldwin, Ali Dehghantanha
2018-07-30
Cryptography and Security · Computer Science
A Comprehensive Analysis of Machine Learning Based File Trap Selection Methods to Detect Crypto Ransomware
Mohan Anand Putrevu, Hrushikesh Chunduri, Venkata Sai Charan Putrevu, Sandeep K Shukla
2024-09-19
Cryptography and Security · Computer Science
AI-based Malware and Ransomware Detection Models
Benjamin Marais, Tony Quertier, Stéphane Morucci
2022-11-29
Cryptography and Security · Computer Science
Bomfather: An eBPF-based Kernel-level Monitoring Framework for Accurate Identification of Unknown, Unused, and Dynamically Loaded Dependencies in Modern Software Supply Chains
Naveen Srinivasan, Nathan Naveen, Neil Naveen
2025-03-05
Cryptography and Security · Computer Science
Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence
Sajad Homayoun, Ali Dehghantanha, Marzieh Ahmadzadeh, Sattar Hashemi +1
2018-08-07
Cryptography and Security · Computer Science
A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures
Michael Mannon, Evan Statham, Quentin Featherstone, Sebastian Arkwright +2
2025-03-27
Software Engineering · Computer Science
ProfInfer: An eBPF-based Fine-Grained LLM Inference Profiler
Bohua Zou, Debayan Roy, Dhimankumar Yogesh Airao, Weihao Xu +3
2026-01-30
Machine Learning · Computer Science
Towards resilient machine learning for ransomware detection
Li Chen, Chih-Yuan Yang, Anindya Paul, Ravi Sahita
2019-05-20
Cryptography and Security · Computer Science
Ransomware Detection and Classification using Machine Learning
Kavitha Kunku, ANK Zaman, Kaushik Roy
2023-11-29