OSDI 2024
Ransom Access Memories: Achieving Practical Ransomware Protection in Cloud with DeftPunk
Abstract
In this paper, we focus on building a ransomware detection and recovery system for cloud block stores. We start by discussing the possibility of directly using existing methods or porting one to our scenario with modifications. These attempts, though unsuccessful, led us to identify the unique IO characteristics of ransomware, and further drove us to build DeftPunk, a block-level ransomware detection and recovery system. DeftPunk uses a two-layer classifier for fast and accurate detection, creates pre-/post-attack snapshots to avoid data loss, and leverages log-structured support for low-overhead recovery. Our large-scale benchmark shows that DeftPunk can achieve nearly 100% recall across 13 types of ransomware and low runtime overhead.
Authors
Zhongyu Wang, Yaheng Song, Erci Xu, Haonan Wu, Guangxun Tong, Shizhuo Sun, Haoran Li, Jincheng Liu, Lijun Ding, Rong Liu, Jiaji Zhu, Jiesheng Wu