Adrian Brodzik, Tomasz Malec-Kruszyński, Wojciech Niewolski, Mikołaj Tkaczyk, Krzysztof Bocianiak, Sok-Yen Loui
{"title":"在 Linux 内核中使用机器学习检测勒索软件","authors":"Adrian Brodzik, Tomasz Malec-Kruszyński, Wojciech Niewolski, Mikołaj Tkaczyk, Krzysztof Bocianiak, Sok-Yen Loui","doi":"arxiv-2409.06452","DOIUrl":null,"url":null,"abstract":"Linux-based cloud environments have become lucrative targets for ransomware\nattacks, employing various encryption schemes at unprecedented speeds.\nAddressing the urgency for real-time ransomware protection, we propose\nleveraging the extended Berkeley Packet Filter (eBPF) to collect system call\ninformation regarding active processes and infer about the data directly at the\nkernel level. In this study, we implement two Machine Learning (ML) models in\neBPF - a decision tree and a multilayer perceptron. Benchmarking latency and\naccuracy against their user space counterparts, our findings underscore the\nefficacy of this approach.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"2 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Ransomware Detection Using Machine Learning in the Linux Kernel\",\"authors\":\"Adrian Brodzik, Tomasz Malec-Kruszyński, Wojciech Niewolski, Mikołaj Tkaczyk, Krzysztof Bocianiak, Sok-Yen Loui\",\"doi\":\"arxiv-2409.06452\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Linux-based cloud environments have become lucrative targets for ransomware\\nattacks, employing various encryption schemes at unprecedented speeds.\\nAddressing the urgency for real-time ransomware protection, we propose\\nleveraging the extended Berkeley Packet Filter (eBPF) to collect system call\\ninformation regarding active processes and infer about the data directly at the\\nkernel level. In this study, we implement two Machine Learning (ML) models in\\neBPF - a decision tree and a multilayer perceptron. Benchmarking latency and\\naccuracy against their user space counterparts, our findings underscore the\\nefficacy of this approach.\",\"PeriodicalId\":501332,\"journal\":{\"name\":\"arXiv - CS - Cryptography and Security\",\"volume\":\"2 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Cryptography and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.06452\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.06452","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Ransomware Detection Using Machine Learning in the Linux Kernel
Linux-based cloud environments have become lucrative targets for ransomware
attacks, employing various encryption schemes at unprecedented speeds.
Addressing the urgency for real-time ransomware protection, we propose
leveraging the extended Berkeley Packet Filter (eBPF) to collect system call
information regarding active processes and infer about the data directly at the
kernel level. In this study, we implement two Machine Learning (ML) models in
eBPF - a decision tree and a multilayer perceptron. Benchmarking latency and
accuracy against their user space counterparts, our findings underscore the
efficacy of this approach.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
