DETECTION OF RANSOMWARE ATTACKS USING PROCESSOR AND DISK USAGE DATA
Authors:
Mr. K. Gnaneshwer, Swetha T, G Ananya Rao, Buddha Anjali, B Sohith
Page No: 140-148
Abstract:
Ransomware can successfully evade traditional antivirus programs, encrypt user data, and render both the system and its contents inaccessible. Common detection strategies involve observing process behavior, file operations, and system calls on the infected system, followed by analyzing the gathered data. However, monitoring several processes can be resource-intensive, and advanced ransomware may interfere with this monitoring, leading to corrupted information. This study introduces a dependable and efficient method for identifying ransomware running inside a virtual machine (VM). Instead of inspecting individual processes within the VM, data on specific processor and disk I/O activities is gathered from the host system. A detection model is then built using a machine learning (ML) classifier. This solution eliminates the problem of process-level monitoring and avoids the threat of ransomware altering the collected data.
Volume & Issue
Volume-14,ISSUE-5
Keywords
Machine Learning, Ransomware, Virtual Machines, Convolutional Neural Networks, Hardware performance counters, Voting classifier, SVM, KNN