Ransomware

Detecting Ransomware on the Linux Desktop: A behavioral approach to Host-based Intrusion Detection
reading time: 2 minutes

Abstract

Despite the steadily increasing popularity of the Linux desktop in recent years and its resulting attractiveness as a target for cyberattacks, the current landscape of open source antivirus solutions - which effectively consists solely of the signature-based scanner ClamAV - remains highly inadequate. To meaningfully complement the existing solution landscape, an eBPF-based solution for the behavioral detection of ransomware on the Linux desktop was developed in the course of this work. This system is designed to detect malicious processes in real time by analyzing system events from the kernel against specific patterns using predefined, deterministic rules.