<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>TiamatAV on</title><link>https://zeugner.sh/tags/tiamatav/</link><description>Recent content in TiamatAV on</description><generator>Hugo</generator><language>en-us</language><managingEditor>david.zeugner@tiamatav.org (David Zeugner)</managingEditor><webMaster>david.zeugner@tiamatav.org (David Zeugner)</webMaster><lastBuildDate>Sat, 18 Jul 2026 12:01:23 +0200</lastBuildDate><atom:link href="https://zeugner.sh/tags/tiamatav/index.xml" rel="self" type="application/rss+xml"/><item><title>Detecting Ransomware on the Linux Desktop: A behavioral approach to Host-based Intrusion Detection</title><link>https://zeugner.sh/research/detecting-ransomware-on-linux/</link><pubDate>Sat, 18 Jul 2026 12:01:23 +0200</pubDate><author>david.zeugner@tiamatav.org (David Zeugner)</author><guid>https://zeugner.sh/research/detecting-ransomware-on-linux/</guid><description>&lt;h1 id="abstract"&gt;Abstract&lt;/h1&gt;
&lt;p&gt;Despite the steadily increasing popularity of the Linux desktop in recent years and its resulting attractiveness as a target for cyberattacks, the current landscape of open source antivirus solutions - which effectively consists solely of the signature-based scanner ClamAV - remains highly inadequate. To meaningfully complement the existing solution landscape, an eBPF-based solution for the behavioral detection of ransomware on the Linux desktop was developed in the course of this work. This system is designed to detect malicious processes in real time by analyzing system events from the kernel against specific patterns using predefined, deterministic rules.&lt;/p&gt;</description></item></channel></rss>