Publication: Fighting Ransomware with Guided Undo
Abstract
Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be detected and prevented, but could be recovered later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery.
In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud storage. Our content, meta data, and behavior analysis paired with a 'guilt by association' capability greatly improve the false positive rate, but the guided undo makes this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.
Cite
ISO 690
HELD, Matthias, Marcel WALDVOGEL, 2018. Fighting Ransomware with Guided Undo. NISK 2018 : the 11th Norwegian Information Security Conference. Longyearbyen, Svalbard, 18. Sept. 2018 - 20. Sept. 2018. In: MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed. NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference. 2018. NISK Journal. 11. eISSN 1894-7735
BibTeX
@inproceedings{Held2018Fight-44548,
  year={2018},
  title={Fighting Ransomware with Guided Undo},
  url={https://ojs.bibsys.no/index.php/NISK/article/view/575},
  number={11},
  series={NISK Journal},
  booktitle={NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference},
  editor={Mjølsnes, Stig Frode and Soleng, Ragnar},
  author={Held, Matthias and Waldvogel, Marcel}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" >
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/44548">
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:language>eng</dc:language>
    <dcterms:abstract xml:lang="eng">Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be detected and prevented, but could be recovered later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery.<br />In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud storage. Our content, meta data, and behavior analysis paired with a `guilt by association' capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.</dcterms:abstract>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/44548"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:issued>2018</dcterms:issued>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2019-01-14T11:15:59Z</dcterms:available>
    <dcterms:title>Fighting Ransomware with Guided Undo</dcterms:title>
    <dc:creator>Held, Matthias</dc:creator>
    <dc:contributor>Held, Matthias</dc:contributor>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2019-01-14T11:15:59Z</dc:date>
  </rdf:Description>
</rdf:RDF>