Monitoring Ransomware with Berkeley Packet Filter

Zhuravchak, D., Tolkachova, A., Piskozub, A., Dudykevych, V. and Korshun, Natalia (2023) Monitoring Ransomware with Berkeley Packet Filter. Cybersecurity Providing in Information and Telecommunication Systems, 3550, pp. 95-106. ISSN 1613-0073



The article examines in depth the use of the extended Berkeley Packet Filter (eBPF) for monitoring network traffic, filtering system calls, and observing processes for ransomware activity. The principles and architecture underlying this technology are explored, providing a foundation for developing robust mechanisms for detecting and halting malware propagation across networks. The paper outlines potential strategies for tracking malware within traffic and evaluates this approach, giving careful consideration to the security concerns and control mechanisms that eBPF provides. A notable section of the article is dedicated to a comparative analysis: traditional malware detection mechanisms are assessed alongside a program built on eBPF, offering a clear, unbiased view of their respective efficiencies and potential pitfalls. This comparison underscores the improved efficiency and security offered by eBPF-based monitoring mechanisms, establishing them as a formidable tool against malware threats, including ransomware. The authors demonstrate the capability of an eBPF-based monitoring system to deliver strong network defense against various forms of malware, including ransomware, with significant implications for antivirus protection developers. This exploration and the presented findings are pivotal for improving the overall security posture of computer networks, emphasizing the critical role of eBPF in contemporary network security. The superior efficiency and security assurance offered by BPF reinforce its viability as a key technology for monitoring network traffic and safeguarding against pervasive malware threats.

Item Type: Article
Uncontrolled Keywords: eBPF; monitoring; cybersecurity; vulnerabilities; malware
Subjects: Archived subject categories of Borys Grinchenko Kyiv University > Articles in scientometric databases > Scopus
Divisions: Archived divisions of Borys Grinchenko Kyiv University > Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 11 Dec 2023 11:13
Last Modified: 11 Dec 2023 11:13
