Fighting Ransomware with Guided Undo
| dc.contributor.author | Held, Matthias | |
| dc.contributor.author | Waldvogel, Marcel | |
| dc.date.accessioned | 2019-01-14T11:15:59Z | |
| dc.date.available | 2019-01-14T11:15:59Z | |
| dc.date.issued | 2018 | eng |
| dc.description.abstract | Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be detected and prevented, but could be recovered later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery. In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud stor- age. Our content, meta data, and behavior analysis paired with a `guilt by association' capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality. | eng |
| dc.description.version | published | eng |
| dc.identifier.uri | https://kops.uni-konstanz.de/handle/123456789/44548 | |
| dc.language.iso | eng | eng |
| dc.subject.ddc | 004 | eng |
| dc.title | Fighting Ransomware with Guided Undo | eng |
| dc.type | INPROCEEDINGS | eng |
| dspace.entity.type | Publication | |
| kops.citation.bibtex | @inproceedings{Held2018Fight-44548,
year={2018},
title={Fighting Ransomware with Guided Undo},
url={https://ojs.bibsys.no/index.php/NISK/article/view/575},
number={11},
series={NISK Journal},
booktitle={NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference},
editor={Mjølsnes, Stig Frode and Soleng, Ragnar},
author={Held, Matthias and Waldvogel, Marcel}
} | |
| kops.citation.iso690 | HELD, Matthias, Marcel WALDVOGEL, 2018. Fighting Ransomware with Guided Undo. NISK 2018 : the 11th Norwegian Information Security Conference. Longyearbyen, Svalbard, 18. Sept. 2018 - 20. Sept. 2018. In: MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed.. NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference. 2018. NISK Journal. 11. eISSN 1894-7735 | deu |
| kops.citation.iso690 | HELD, Matthias, Marcel WALDVOGEL, 2018. Fighting Ransomware with Guided Undo. NISK 2018 : the 11th Norwegian Information Security Conference. Longyearbyen, Svalbard, Sep 18, 2018 - Sep 20, 2018. In: MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed.. NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference. 2018. NISK Journal. 11. eISSN 1894-7735 | eng |
| kops.citation.rdf | <rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:bibo="http://purl.org/ontology/bibo/"
xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
xmlns:foaf="http://xmlns.com/foaf/0.1/"
xmlns:void="http://rdfs.org/ns/void#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema#" >
<rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/44548">
<void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
<dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dc:language>eng</dc:language>
<dcterms:abstract xml:lang="eng">Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be detected and prevented, but could be recovered later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery.<br />In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud stor- age. Our content, meta data, and behavior analysis paired with a `guilt by association' capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.</dcterms:abstract>
<dc:contributor>Waldvogel, Marcel</dc:contributor>
<bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/44548"/>
<dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dcterms:issued>2018</dcterms:issued>
<dc:creator>Waldvogel, Marcel</dc:creator>
<foaf:homepage rdf:resource="http://localhost:8080/"/>
<dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2019-01-14T11:15:59Z</dcterms:available>
<dcterms:title>Fighting Ransomware with Guided Undo</dcterms:title>
<dc:creator>Held, Matthias</dc:creator>
<dc:contributor>Held, Matthias</dc:contributor>
<dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2019-01-14T11:15:59Z</dc:date>
</rdf:Description>
</rdf:RDF> | |
| kops.conferencefield | NISK 2018 : the 11th Norwegian Information Security Conference, 18. Sept. 2018 - 20. Sept. 2018, Longyearbyen, Svalbard | deu |
| kops.date.conferenceEnd | 2018-09-20 | eng |
| kops.date.conferenceStart | 2018-09-18 | eng |
| kops.flag.knbibliography | true | |
| kops.location.conference | Longyearbyen, Svalbard | eng |
| kops.sourcefield | MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed.. <i>NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference</i>. 2018. NISK Journal. 11. eISSN 1894-7735 | deu |
| kops.sourcefield.plain | MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed.. NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference. 2018. NISK Journal. 11. eISSN 1894-7735 | deu |
| kops.sourcefield.plain | MJØLSNES, Stig Frode, ed., Ragnar SOLENG, ed.. NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference. 2018. NISK Journal. 11. eISSN 1894-7735 | eng |
| kops.title.conference | NISK 2018 : the 11th Norwegian Information Security Conference | eng |
| kops.url | https://ojs.bibsys.no/index.php/NISK/article/view/575 | eng |
| kops.urlDate | 2019-01-09 | eng |
| relation.isAuthorOfPublication | 1f93ffa6-e7b5-4152-8821-b8abd55477a2 | |
| relation.isAuthorOfPublication | 84e1ce62-b720-46ef-b156-ce00a632dd4f | |
| relation.isAuthorOfPublication.latestForDiscovery | 1f93ffa6-e7b5-4152-8821-b8abd55477a2 | |
| source.bibliographicInfo.seriesNumber | 11 | eng |
| source.contributor.editor | Mjølsnes, Stig Frode | |
| source.contributor.editor | Soleng, Ragnar | |
| source.identifier.eissn | 1894-7735 | eng |
| source.relation.ispartofseries | NISK Journal | eng |
| source.title | NISK 2018 : Proceedings of the 11th Norwegian Information Security Conference | eng |