Publication
FMS 2023
Conference paper
Efficient ransomware detection with machine learning in storage systems
Abstract
For several years, ransomware has been the top malware attack type affecting businesses, organizations and individuals. Research on ransomware detection has mainly focused on methods at the OS, file-system, and network level, while little is known about approaches running in the storage stack. Is the information that can be extracted from IO operations sufficient for efficient detection? We demonstrate how storage access patterns can be used to train highly efficient machine learning models and how feature extraction and inference can be performed directly in a storage system without user impact. To do so, the presented architecture for ransomware detection leverages the capabilities at the controller level in computational storage devices. We further look into various aspects, including the feature extraction process executed in computational storage devices and the aggregation of the extracted features to train machine learning models, the integration of the detection mechanism into the storage system stack, the capability of ML models to detect unseen ransomware, and the generalizability of the models to different data storage setups.