Bibliographic Details
Main Authors: Higuchi, Kosuke, Kobayashi, Ryotaro
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2504.14162
author Higuchi, Kosuke
Kobayashi, Ryotaro
contents This study introduces ROFBS$α$, a new defense architecture that addresses delays in detection in ransomware detectors based on machine learning. It builds on our earlier Real Time Open File Backup System, ROFBS, by adopting an asynchronous design that separates backup operations from detection tasks. By using eBPF to monitor file open events and running the backup process independently, the system avoids performance limitations when detection and protection contend for resources. We evaluated ROFBS$α$ against three ransomware strains, AvosLocker, Conti, and IceFire. The evaluation measured the number of files encrypted, the number of files successfully backed up, the ratio of backups to encrypted files, and the overall detection latency. The results show that ROFBS$α$ achieves high backup success rates and faster detection while adding minimal extra load to the system. However, defending against ransomware that encrypts files extremely quickly remains an open challenge that will require further enhancements.
format Preprint
id arxiv_https___arxiv_org_abs_2504_14162
institution arXiv
publishDate 2025
record_format arxiv
title ROFBS$α$: Real Time Backup System Decoupled from ML Based Ransomware Detection
topic Cryptography and Security
url https://arxiv.org/abs/2504.14162