"New Approach Allows for Faster Ransomware Detection"
Engineering researchers at NC State University have created a new method for deploying ransomware detection techniques that allows them to detect a wide range of malware faster than previous systems. Extortion by ransomware is extremely costly, and cases of ransomware extortion are on the rise. In 2021, the FBI received 3,729 ransomware complaints, costing more than $49 million. Furthermore, 649 of those complaints were from critical infrastructure organizations. Computing systems currently employ a number of security techniques to monitor incoming traffic as well as detect and prevent malware from impacting the system. However, detecting ransomware early enough to prevent it from gaining a foothold in the system is a major difficulty because ransomware starts encrypting files as soon as it enters. According to Archit Gajjar, the first author of the paper and a Ph.D. student at NC State University, a Machine Learning (ML) algorithm known as XGBoost is effective at detecting ransomware, but when systems run the algorithm via a CPU or GPU, it is significantly slow. In addition, attempts to integrate XGBoost into hardware systems have been hindered by a lack of flexibility in that they focus on specific challenges, thus making monitoring for the whole range of ransomware attacks difficult or impossible. Therefore, the researchers devised a hardware-based technique called FAXID that allows XGBoost to monitor for various ransomware threats while being faster than any of the software solutions. FAXID has been found to be just as accurate as software-based approaches at detecting ransomware. The main distinction was speed, as FAXID was up to 65.8 percent faster than software running XGBoost on a CPU and 5.3 times faster than software using XGBoost on a GPU. This article continues to discuss the advantages of the researchers' FAXID approach to detecting ransomware.
NC State University reports "New Approach Allows for Faster Ransomware Detection"