2023
Authors
Santos, J; Figueiredo, D; Madeira, A;
Publication
Theoretical Aspects of Software Engineering - 17th International Symposium, TASE 2023, Bristol, UK, July 4-6, 2023, Proceedings
Abstract
2023
Authors
Madeira, A; Martins, MA;
Publication
WADT
Abstract
2023
Authors
Santos, J; Figueiredo, D; Madeira, A;
Publication
Theoretical Aspects of Software Engineering - Lecture Notes in Computer Science
Abstract
2023
Authors
Martínez, MP; Paulo, J;
Publication
DAIS
Abstract
2023
Authors
Esteves, T; Macedo, R; Oliveira, R; Paulo, J;
Publication
CoRR
Abstract
2023
Authors
Esteves, T; Pereira, B; Oliveira, RP; Marco, J; Paulo, J;
Publication
2023 42nd International Symposium on Reliable Distributed Systems, SRDS 2023
Abstract
Cryptographic ransomware attacks are constantly evolving by obfuscating their distinctive features (e.g., I/O patterns) to bypass detection mechanisms and to run unnoticed at infected servers. Thus, efficiently exploring the I/O behavior of ransomware families is crucial so that security analysts and engineers can better understand these and, with such knowledge, enhance existing detection methods. In this paper, we propose CRIBA, an open-source framework that simplifies the exploration, analysis, and comparison of I/O patterns for Linux cryptographic ransomware. Our solution combines the collection of comprehensive information about system calls issued by ransomware samples, with a customizable and automated analysis and visualization pipeline, including tailored correlation algorithms and visualizations. Our study, including 5 Linux ransomware families, shows that CRIBA provides comprehensive insights about the I/O patterns of these attacks while aiding in exploring common and differentiating traits across families.