WannaLaugh: A Configurable Ransomware Emulator – Learning to Mimic Malicious Storage Traces
CoRR(2024)
摘要
Ransomware, a fearsome and rapidly evolving cybersecurity threat, continues
to inflict severe consequences on individuals and organizations worldwide.
Traditional detection methods, reliant on static signatures and application
behavioral patterns, are challenged by the dynamic nature of these threats.
This paper introduces three primary contributions to address this challenge.
First, we introduce a ransomware emulator. This tool is designed to safely
mimic ransomware attacks without causing actual harm or spreading malware,
making it a unique solution for studying ransomware behavior. Second, we
demonstrate how we use this emulator to create storage I/O traces. These traces
are then utilized to train machine-learning models. Our results show that these
models are effective in detecting ransomware, highlighting the practical
application of our emulator in developing responsible cybersecurity tools.
Third, we show how our emulator can be used to mimic the I/O behavior of
existing ransomware thereby enabling safe trace collection. Both the emulator
and its application represent significant steps forward in ransomware detection
in the era of machine-learning-driven cybersecurity.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要