Ransomware encrypts files on infected systems and demands a hefty ransom for decryption, posing a significant threat to both enterprises and individuals. However, existing methods fail to capture the encryption preferences of diverse ransomware families, lacking an efficient and systematic proactive defense method. In this paper, we propose Pepper, a preference-aware active ransomware trapping method, covering decoy file generation, deployment, and monitoring. Through examination of numerous ransomware families, we have identified two prevalent encryption preferences: encryption file preferences and encryption path preferences. Deploying decoy files aligned with ransomware’s encryption preferences within its preferred pathways provides an opportunity for efficient and early trapping of ransomware. Pepper combines a GNN-based recommendation model with expert insights to unveil the encryption file and path preferences across various ransomware families, guiding the generation and deployment of decoy files. Moreover, a decoy file monitor is designed to continuously monitor decoy file changes and promptly respond to anomalies. Extensive experiments show that Pepper achieves a 98.68% detection rate for ransomware, with an average file loss of 2.27. Moreover, it exhibits robustness in detecting unknown ransomware variants and does not interfere with regular users.
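The monitoring step described in the abstract, sketched as an added example; this is not Pepper's implementation, which the abstract does not detail. It baselines decoy files and flags a decoy that disappears or whose content changes, using an entropy jump as the sign of encryption. The threshold, file names, and the `Documents` directory are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_JUMP = 2.0  # assumed threshold (bits/byte), not a value from the paper

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(decoys):
    """Record SHA-256 and entropy of every decoy file as the trusted baseline."""
    base = {}
    for p in map(Path, decoys):
        data = p.read_bytes()
        base[p] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return base

def check(baseline):
    """Compare decoys with the baseline; return (path, reason) per anomaly."""
    events = []
    for p, (digest, ent) in baseline.items():
        try:
            data = p.read_bytes()
        except OSError:
            events.append((p, "missing"))  # deleted or renamed to a new extension
            continue
        if hashlib.sha256(data).hexdigest() != digest:
            jump = entropy(data) - ent
            events.append((p, "encrypted-like" if jump >= ENTROPY_JUMP else "modified"))
    return events

def demo():
    """Constructed scenario: three decoys, one overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        decoys = [root / "Documents" / n for n in ("budget.txt", "notes.txt", "plan.txt")]
        for p in decoys:
            p.parent.mkdir(exist_ok=True)
            p.write_text("quarterly figures and meeting notes\n" * 200)
        base = snapshot(decoys)
        decoys[0].write_bytes(os.urandom(4096))  # random bytes stand in for ciphertext
        decoys[1].rename(decoys[1].with_suffix(".locked"))  # constructed extension
        return sorted((p.name, why) for p, why in check(base))
```

A real monitor would call `check` on file-system change notifications rather than by polling, and would treat any event on a decoy as grounds to respond, since regular users have no reason to touch these files.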
Wed 25 Jun
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
11:00 - 12:15
11:00 25m Talk | Beyond Static Pattern Matching? Rethinking Automatic Cryptographic API Misuse Detection in the Era of LLMs | Research Papers | Yifan Xia, Zichen Xie Zhejiang University, China, Peiyu Liu Zhejiang University, Kangjie Lu University of Minnesota, Yan Liu Ant Group, Wenhai Wang Zhejiang University, Shouling Ji Zhejiang University
11:25 25m Talk | Pepper: Preference-Aware Active Trapping for Ransomware | Research Papers | Huan Zhang Institute of Information Engineering, Chinese Academy of Sciences, Zhengkai Qin Institute of Information Engineering, Chinese Academy of Sciences, Lixin Zhao Institute of Information Engineering, Chinese Academy of Sciences, Aimin Yu Institute of Information Engineering, Chinese Academy of Sciences, Lijun Cai Institute of Information Engineering, Chinese Academy of Sciences, Dan Meng Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
11:50 25m Talk | ICEPRE: ICS protocol reverse engineering via data-driven concolic execution | Research Papers | Yibo Qu Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Dongliang Fang Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China, Zhen Wang Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Jiaxing Cheng Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Shuaizong Si Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Yongle Chen Taiyuan University of Technology, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
Aurora B is the second room in the Aurora wing.
When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.