Abstract
Ransomware is a growing concern in business and government because it causes immediate financial damages or loss of important data. There is a way to detect and block ransomware in advance, but evolved ransomware can still attack while avoiding detection. Another alternative is to back up the original data. However, existing backup solutions can be under the control of ransomware and backup copies can be destroyed by ransomware. Moreover, backup methods incur storage and performance overhead. In this paper, we propose AMOEBA, a devicelevel backup solution that does not require additional storage for backup. AMOEBA is armed with (i) a hardware accelerator to run content-based detection algorithms for ransomware detection at high speed and (ii) a fine-grained backup control mechanism to minimize space overhead for data backup. For evaluations, we not only implemented AMOEBA using the Microsoft SSD simulator, but also prototyped it on the OpenSSD-platform. Our extensive evaluations with real ransomware workloads show that AMOEBA has high ransomware detection accuracy with negligible performance overhead.
Original language | English |
---|---|
Journal | IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems |
DOIs | |
Publication status | Accepted/In press - 2021 |
Bibliographical note
Publisher Copyright:IEEE
Keywords
- Encryption
- Engines
- Entropy
- Libraries
- Machine learning
- Performance evaluation
- Ransomware
- Ransomware Attack.
- Solid-State Drive (SSD)
- Storage Security
- Storage System
ASJC Scopus subject areas
- Software
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering