
Ransomware Detection Using Machine Learning in the Linux Kernel

About

Linux-based cloud environments have become lucrative targets for ransomware, which employs a variety of encryption schemes and runs at unprecedented speed. To address the need for real-time ransomware protection, we propose using the extended Berkeley Packet Filter (eBPF) to collect system call information about active processes and to run inference on that data directly in the kernel. In this study we implement two machine learning (ML) models in eBPF, a decision tree and a multilayer perceptron, and benchmark their latency and accuracy against user space counterparts; our findings underscore the efficacy of this approach.
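The abstract describes running a decision tree inside the kernel over per-process syscall statistics. The example below is added here and is not the paper's code; it shows the shape such a classifier has to take to pass the eBPF verifier (integer-only compares, no recursion, a tree flattened into an array and walked under a fixed depth bound) while staying compilable as plain C so it can be run without a kernel. The feature set (counts of openat, read, write, rename and unlink in one sampling window), the tree thresholds and the sample feature vectors are all constructed assumptions; in a real eBPF program the `features` struct would live in a BPF map keyed by PID and `observe_syscall` would run from a tracepoint.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Per-process feature window: counts of selected syscalls over one sampling
 * interval. The feature set and all thresholds below are constructed for this
 * example and are not taken from the paper. */
enum { F_OPENAT = 0, F_READ, F_WRITE, F_RENAME, F_UNLINK, N_FEATURES };

struct features {
    uint32_t v[N_FEATURES];
};

#define LEAF      (-1)
#define MAX_DEPTH 8   /* fixed bound so the eBPF verifier can prove the loop terminates */

/* Flattened tree node. An internal node sends v[feature] <= thr left and
 * v[feature] > thr right; a leaf has left == LEAF and carries the label. */
struct node {
    int16_t  feature;
    uint32_t thr;
    int16_t  left, right;
    int8_t   label;   /* leaves only: 0 = benign, 1 = ransomware-like */
};

/* Hand-built tree (example thresholds, not learned from any dataset). */
static const struct node tree[] = {
    /* 0 */ { F_WRITE,  200, 1, 2, 0 },
    /* 1 */ { 0, 0, LEAF, LEAF, 0 },   /* few writes: benign */
    /* 2 */ { F_RENAME,  50, 3, 4, 0 },
    /* 3 */ { F_READ,   150, 5, 6, 0 },
    /* 4 */ { 0, 0, LEAF, LEAF, 1 },   /* mass write plus mass rename */
    /* 5 */ { 0, 0, LEAF, LEAF, 0 },   /* writes without matching reads, e.g. a logger */
    /* 6 */ { F_UNLINK,  20, 7, 8, 0 },
    /* 7 */ { 0, 0, LEAF, LEAF, 0 },
    /* 8 */ { 0, 0, LEAF, LEAF, 1 },   /* read, write a new copy, unlink the original */
};
#define N_NODES ((int)(sizeof(tree) / sizeof(tree[0])))

/* Count one syscall into the window, saturating instead of wrapping. */
void observe_syscall(struct features *f, int feature)
{
    if (feature < 0 || feature >= N_FEATURES)
        return;
    if (f->v[feature] != UINT32_MAX)
        f->v[feature]++;
}

/* Walk the tree using integer compares only (eBPF has no floating point and
 * no recursion). Returns the leaf label, or -1 if the depth bound or a bad
 * index is hit, so a malformed tree never silently reads as "benign". */
int classify(const struct features *f)
{
    int idx = 0;
    for (int depth = 0; depth < MAX_DEPTH; depth++) {
        const struct node *n = &tree[idx];
        if (n->left == LEAF)
            return n->label;
        if (n->feature < 0 || n->feature >= N_FEATURES)
            return -1;
        idx = (f->v[n->feature] > n->thr) ? n->right : n->left;
        if (idx < 0 || idx >= N_NODES)
            return -1;
    }
    return -1;
}

/* Replay a constructed syscall trace for one process and classify it. */
int classify_trace(const int *trace, size_t len)
{
    struct features f = { { 0 } };
    for (size_t i = 0; i < len; i++)
        observe_syscall(&f, trace[i]);
    return classify(&f);
}

int main(void)
{
    /* Constructed traces: a text editor saving once, and an encrypt-in-place loop. */
    static const int editor[] = { F_OPENAT, F_READ, F_READ, F_WRITE, F_RENAME };
    int encryptor[4 * 300];
    for (int i = 0; i < 300; i++) {
        encryptor[4 * i]     = F_OPENAT;
        encryptor[4 * i + 1] = F_READ;
        encryptor[4 * i + 2] = F_WRITE;
        encryptor[4 * i + 3] = F_RENAME;
    }
    printf("editor: %d\n", classify_trace(editor, 5));
    printf("encryptor: %d\n", classify_trace(encryptor, 1200));
    return 0;
}
```

The -1 return on a bad index or exhausted depth bound is deliberate: in a kernel-side detector a defect in the model encoding should surface as "unknown" for the operator to investigate, not collapse into the benign class. Adding the multilayer perceptron the paper mentions under the same constraints would mean fixed-point weights and fully unrolled layer loops, since eBPF offers neither floating point nor unbounded iteration.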

Adrian Brodzik, Tomasz Malec-Kruszyński, Wojciech Niewolski, Mikołaj Tkaczyk, Krzysztof Bocianiak, Sok-Yen Loui • 2024

Related benchmarks

Task:    Encryption Behavior Detection
Dataset: Encryption behavior detection datasets, Qualitative Comparison Prototype baseline (Evaluation set)
Result:  macro-F1 99.8
Rank:    5
