The paper discusses the ongoing threat of ransomware, especially on Linux-based systems. It introduces GuardFS, a file system-based approach that not only detects ransomware but also mitigates it. GuardFS combines a unique overlay file system with machine learning models to provide three novel defense configurations that obfuscate, delay, or track access to the file system. The study shows that although data loss cannot be prevented completely, GuardFS can reduce it significantly. The paper also discusses the relationship between defense effectiveness and resource consumption and usability.

Publication date: 31 Jan 2024
Project Page: https://arxiv.org/abs/2401.17917v1
Paper: https://arxiv.org/pdf/2401.17917