A Hybrid Framework For Crypto-Ransomware Detection In Enterprise Shared Storage
1️⃣ One-sentence summary
The paper proposes a hybrid detection framework that combines network traffic analysis, indicator-of-compromise extraction and machine learning to detect crypto-ransomware attacks against enterprise shared storage systems, reaching a detection precision of up to 99.64% at an early stage with no missed detections.
Most corporate workplace environments enforce policies and technical controls that limit the storage of sensitive data on client endpoints. Consequently, ransomware operators have evolved variants that expand their attack surface from local systems to network drives and shared storage resources. As traditional endpoint detection mechanisms focus primarily on local system behaviour, a compromised client can impact remote file servers, such as by encrypting shared data, without directly triggering behavioural changes on the servers themselves. In this paper, we propose a hybrid framework for detecting crypto-ransomware intrusions within integrated file server and client environments. The framework is based on a new technique referred to as Region of Interest (RoI) to analyse network traffic and extract Indicators of Compromise (IoCs). The IoC repository serves as an additional ruleset to enhance existing security tools such as EDRs and IDSs, while RoI-derived features are used to train an ML model to detect highly evasive variants. This study incorporates a broader set of ransomware families and carefully selected benign behaviours based on domain expertise, ensuring coverage of common user actions that could interfere with ransomware detection. Beyond IoCs, which operate in a signature-based manner, our machine learning module achieves a detection precision of 99.64%, with a 0% false negative rate (FNR) and a minimal false positive rate (FPR). Furthermore, the proposed method enables early detection, identifying ransomware intrusions before significant damage occurs, achieving an accuracy of 99.44%.
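As an added illustration of the server-side vantage point the abstract describes (this is not the paper's RoI technique or code), the script below flags a client that mass-rewrites and renames files on a share using only constructed file-server audit lines; the log format, thresholds and IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from pathlib import PurePosixPath
# Assumed audit-line format (constructed for this example, not the paper's):
#   "<epoch_seconds> <client_ip> <WRITE|RENAME> <path> [-> <new_path>]"
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (WRITE|RENAME) (\S+)(?: -> (\S+))?$")

def parse_event(line):
    """Return (ts, client, op, path, new_path); new_path is None for WRITE."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ts, client, op, path, new_path = m.groups()
    return float(ts), client, op, path, new_path

def changes_extension(ev):
    """True for a RENAME that alters the suffix, e.g. q1.xlsx -> q1.xlsx.locked."""
    _, _, op, path, new_path = ev
    return (op == "RENAME" and new_path is not None
            and PurePosixPath(path).suffix != PurePosixPath(new_path).suffix)

def flag_clients(lines, window_s=60.0, min_files=8, min_ext_renames=6):
    """Slide a time window over each client's events; flag the client when one window holds
    >= min_files distinct paths and >= min_ext_renames extension-changing renames."""
    per_client = defaultdict(list)
    for ev in map(parse_event, lines):
        per_client[ev[1]].append(ev)
    flagged = {}  # client -> (files, renames) of the largest flagged window
    for client, evs in per_client.items():
        win = deque()
        for ev in sorted(evs, key=lambda e: e[0]):
            win.append(ev)
            while ev[0] - win[0][0] > window_s:   # evict events older than the window
                win.popleft()
            files = {e[3] for e in win}
            renames = sum(changes_extension(e) for e in win)
            if len(files) >= min_files and renames >= min_ext_renames:
                flagged[client] = max(flagged.get(client, (0, 0)), (len(files), renames))
    return flagged

# Constructed sample: 10.0.0.5 rewrites and renames eight documents within seconds
# (the pattern of a compromised client encrypting a share); 10.0.0.7 edits normally.
SAMPLE_LOG = (
    [f"{1000 + i} 10.0.0.5 WRITE /share/fin/q{i}.xlsx" for i in range(8)]
    + [f"{1000.5 + i} 10.0.0.5 RENAME /share/fin/q{i}.xlsx -> /share/fin/q{i}.xlsx.locked" for i in range(8)]
    + ["1001 10.0.0.7 WRITE /share/hr/policy.docx",
       "1030 10.0.0.7 WRITE /share/hr/policy.docx",
       "1040 10.0.0.7 RENAME /share/hr/draft.docx -> /share/hr/policy_v2.docx"]
)
```

Running `flag_clients(SAMPLE_LOG)` reports only 10.0.0.5; the thresholds are deliberately coarse, and a real deployment would tune them against the benign user actions the abstract mentions.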
Source: arXiv: 2606.30586