Monitoring Ransomware with Berkeley Packet Filter

Zhuravchak, D., Tolkachova, A., Piskozub, A., Dudykevych, V. and Korshun, Natalia (2023) Monitoring Ransomware with Berkeley Packet Filter. Cybersecurity Providing in Information and Telecommunication Systems, 3550. pp. 95-106. ISSN 1613-0073

Text: D_Zhuravchak_A_Tolkachova_A_Piskozub_V_Dudykevych_N_Korshun_CPITS-II-2023_3050.pdf (542kB)
Official URL: https://ceur-ws.org/Vol-3550/

Abstract

The article examines the use of the extended Berkeley Packet Filter (eBPF) for monitoring network traffic, filtering system calls, and observing processes for ransomware activity. The principles and architecture of the technology are explored as a foundation for building mechanisms that detect and halt malware propagation across networks. The paper describes strategies for tracking malware in traffic and evaluates this approach, paying particular attention to the security concerns and control mechanisms that eBPF provides. A notable section is devoted to a comparative analysis: traditional malware detection mechanisms are assessed alongside a program built on eBPF, giving an unbiased view of their respective efficiency and pitfalls. The comparison shows the higher efficiency and stronger security guarantees of eBPF-based monitoring, establishing it as an effective tool against malware threats, including ransomware. The authors demonstrate that an eBPF-based monitoring system can provide network defense against various forms of malware, including ransomware, with significant implications for developers of antivirus protection. The findings are relevant for improving the overall security of computer networks and emphasize the role of eBPF in contemporary network security. The efficiency and security assurance offered by BPF reinforce its viability as a core technology for monitoring network traffic and defending against widespread malware threats.
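The abstract describes filtering system calls and observing processes for ransomware activity. The following is an added illustration, not code from the paper, of what the userspace side of such a monitor might do with events delivered by an eBPF program: it consumes a constructed stream of file-system syscall events (in the shape a bcc or libbpf consumer could emit from the rename tracepoints) and flags a process that performs a burst of extension-changing renames within a short window, a pattern typical of bulk encryption. The event format, process names, paths, thresholds and the `BurstDetector` class are all assumptions made here for the example.

```python
import os
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One syscall event as a userspace eBPF consumer might receive it.

    The field layout is an assumption for this example; a real tracepoint
    program would populate an equivalent struct from kernel context.
    """
    ts: float          # timestamp in seconds
    pid: int
    comm: str          # process name (task comm)
    syscall: str       # "openat", "rename", ...
    path: str
    new_path: str = ""  # only set for rename


# Constructed sample event stream (illustrative data, not captured output).
# pid 1001 is a benign editor doing a single rename; pid 4242 renames six
# user documents to a new extension within half a second; pid 2002 is noise.
SAMPLE_EVENTS = [
    Event(9.5, 1001, "vim", "openat", "/home/u/notes.txt"),
    Event(9.6, 1001, "vim", "rename", "/home/u/notes.txt~", "/home/u/notes.txt"),
    Event(10.0, 4242, "suspect", "openat", "/home/u/docs/q1.docx"),
    Event(10.0, 4242, "suspect", "rename", "/home/u/docs/q1.docx", "/home/u/docs/q1.docx.locked"),
    Event(10.1, 4242, "suspect", "rename", "/home/u/docs/q2.xlsx", "/home/u/docs/q2.xlsx.locked"),
    Event(10.2, 4242, "suspect", "rename", "/home/u/docs/q3.pdf", "/home/u/docs/q3.pdf.locked"),
    Event(10.3, 4242, "suspect", "rename", "/home/u/docs/q4.pptx", "/home/u/docs/q4.pptx.locked"),
    Event(10.4, 4242, "suspect", "rename", "/home/u/docs/q5.txt", "/home/u/docs/q5.txt.locked"),
    Event(10.5, 4242, "suspect", "rename", "/home/u/docs/q6.jpg", "/home/u/docs/q6.jpg.locked"),
    Event(10.6, 2002, "cp", "openat", "/home/u/docs/backup.tar"),
]


def rename_changes_extension(old_path: str, new_path: str) -> bool:
    """True when a rename leaves the file with a different extension."""
    old_ext = os.path.splitext(os.path.basename(old_path))[1].lower()
    new_ext = os.path.splitext(os.path.basename(new_path))[1].lower()
    return old_ext != new_ext


class BurstDetector:
    """Sliding-window counter of extension-changing renames per PID.

    An alert is raised the first time a PID reaches `threshold` such renames
    inside `window_s` seconds. Each PID alerts at most once.
    """

    def __init__(self, window_s: float = 2.0, threshold: int = 5):
        self.window_s = window_s
        self.threshold = threshold
        self._recent = defaultdict(deque)   # pid -> timestamps in window
        self._alerted = set()
        self.alerts = []                    # (pid, comm, count, ts)

    def feed(self, ev: Event):
        if ev.syscall != "rename" or not rename_changes_extension(ev.path, ev.new_path):
            return None                     # ignore reads, opens, plain renames
        q = self._recent[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > self.window_s:
            q.popleft()                     # drop events that fell out of the window
        if len(q) >= self.threshold and ev.pid not in self._alerted:
            self._alerted.add(ev.pid)
            alert = (ev.pid, ev.comm, len(q), ev.ts)
            self.alerts.append(alert)
            return alert
        return None


def run(events, window_s: float = 2.0, threshold: int = 5):
    """Replay an event list in timestamp order and return the alerts raised."""
    det = BurstDetector(window_s, threshold)
    for ev in sorted(events, key=lambda e: e.ts):
        det.feed(ev)
    return det.alerts


if __name__ == "__main__":
    for pid, comm, count, ts in run(SAMPLE_EVENTS):
        print(f"ALERT t={ts:.1f}s pid={pid} comm={comm}: "
              f"{count} extension-changing renames within window")
```

In a deployment the `Event` objects would be filled from a ring buffer or perf buffer written by an eBPF program attached to the `sys_enter_rename`/`sys_enter_renameat2` tracepoints, and the window and threshold would be tuned per host so that editors, build tools and backup jobs stay below the alert line; the detector's response (logging, or suspending the offending PID) is a policy decision outside this example.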

Item type: Article
Keywords: eBPF; monitoring; cybersecurity; vulnerabilities; malware
Subjects: Archived subjects of Borys Grinchenko Kyiv University > Articles in scientometric databases > Scopus
Divisions: Archived divisions of Borys Grinchenko Kyiv University > Faculty of Information Technology and Mathematics > Professor Volodymyr Buriachok Department of Information and Cyber Security
Depositing user: Павло Миколайович Складанний
Date deposited: 11 Dec 2023 11:13
Last modified: 11 Dec 2023 11:13
URI: https://elibrary.kubg.edu.ua/id/eprint/47129
