Dynamic user-centric access control for detection of ransomware attacks

Abstract Ransomware attacks are often catastrophic, yet existing reactive and preventative measures could only partially mitigate ransomware damage, often not in a timely manner, and often cannot prevent the novel attack vectors. Many of them were program-centric or data-centric and did not take into consideration user intention or consent. In this paper, we advocate for a dynamic approach of detecting ransomware-like behaviors by proposing a user-centric access control framework, which collects security indicators from the Operating System (OS) to deduct security metrics, compute security indicators and estimate security positions, to dynamically make access control assessments on file access requests. To demonstrate its applicability, we effectuated the principles of User-Driven Access Control (UDAC) for user intention (the goal of a user operation) and Content-Based Isolation (CBI) for user consent (the acceptance of the consequence of a user operation), and developed a proof-of-concept prototype on Windows desktop platforms. It collected information that could reveal the application identity, behavior and the OS environmental factor, before assessing whether an access request to the file system violated the principles of UDAC or CBI. Our prototype was able to raise early warnings on both attacks by real and simulated ransomware of novel vectors.

• Publication year

  2021

• Venue

  Computers & security

• Publication date

  2021-12-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1016/j.cose.2021.102461
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Enforcing situation-aware access control to build malware-resilient file systems

  2021cited by this paper
• Dynamic Distributed Secure Storage Against Ransomware

  2020cited by this paper
• Dynamic Malware Analysis in the Modern Era—A State of the Art Survey

  2019cited by this paper
• NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

  2019cited by this paper
• A Close Look at a Daily Dataset of Malware Samples

  2019cited by this paper
• Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries

  2019cited by this paper
• A Cyber-Kill-Chain based taxonomy of crypto-ransomware features

  2019cited by this paper
• Instruction Cognitive One-Shot Malware Outbreak Detection

  2019cited by this paper
• The Inadequacy of Entropy-Based Ransomware Detection

  2019cited by this paper
• Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection

  2019cited by this paper
• Masquerade Attacks Against Security Software Exclusion Lists

  2019cited by this paper
• Classification of ransomware families with machine learning based on N-gram of opcodes

  2019cited by this paper
• RWGuard: A Real-Time Detection System Against Cryptographic Ransomware

  2018cited by this paper
• R-Locker: Thwarting ransomware action through a honeyfile-based approach

  2018cited by this paper
• An Experience Sampling Study of User Reactions to Browser Warnings in the Field

  2018cited by this paper
• Machine Learning-Based Detection of Ransomware Using SDN

  2018cited by this paper
• On the Economic Significance of Ransomware Campaigns: A Bitcoin Transactions Perspective

  2018cited by this paper
• Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence

  2018cited by this paper
• Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions

  2018cited by this paper
• No Random, No Ransom: A Key to Stop Cryptographic Ransomware

  2018cited by this paper
• Ransomware prevention using application authentication-based file access control

  2018cited by this paper
• Forensic Analysis of Ransomware Families Using Static and Dynamic Analysis

  2018cited by this paper
• A New Static-Based Framework for Ransomware Detection

  2018cited by this paper
• Ransomware early detection by the analysis of file sharing traffic

  2018cited by this paper
• Large Scale Behavioral Analysis of Ransomware Attacks

  2018cited by this paper
• Automatically Traceback RDP-Based Targeted Ransomware Attacks

  2018cited by this paper
• Fileless attacks: compromising targets without malware

  2017cited by this paper
• Cryptovirology

  2017cited by this paper
• R-PackDroid: API package-based characterization and detection of mobile ransomware

  2017cited by this paper
• A Survey on Malware Detection Using Data Mining Techniques

  2017cited by this paper
• The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences

  2017cited by this paper
• DECANTeR DEteCtion of Anomalous outbouNd HTTP Traffic by Passive Application Fingerprinting

  2017cited by this paper
• Designing Application Permission Models that Meet User Expectations

  2017cited by this paper
• Current Research and Open Problems in Attribute-Based Access Control

  2017cited by this paper
• PayBreak: Defense Against Cryptographic Ransomware

  2017cited by this paper
• Redemption: Real-Time Protection Against Ransomware at End-Hosts

  2017cited by this paper
• User Interactions and Permission Use on Android

  2017cited by this paper
• 2entFOX: A framework for high survivable ransomwares detection

  2016cited by this paper
• Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems

  2016cited by this paper
• ShieldFS: a self-healing, ransomware-aware filesystem

  2016cited by this paper
• Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics

  2016cited by this paper
• Detecting Ransomware with Honeypot Techniques

  2016cited by this paper
• Ransomware and the Legacy Crypto API

  2016cited by this paper
• AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems

  2016cited by this paper
• CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data

  2016cited by this paper
• CloudRPS: a cloud analysis based enhanced ransomware prevention system

  2016cited by this paper
• UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)

  2016cited by this paper
• A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

  2016cited by this paper
• Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks

  2015cited by this paper
• OntCAAC: An Ontology-Based Approach to Context-Aware Access Control for Software Services

  2015cited by this paper
• Connection-monitor & connection-breaker: A novel approach for prevention and detection of high survivable ransomwares

  2015cited by this paper
• Analysis of Monolithic and Microkernel Architectures: Towards Secure Hypervisor Design

  2014cited by this paper
• Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs

  2014cited by this paper
• Content-based isolation: rethinking isolation policy design on client systems

  2013cited by this paper
• Privacy as part of the app decision-making process

  2013cited by this paper
• An Ontology-Based Approach to Context-Aware Access Control for Software Services

  2013cited by this paper
• User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems

  2012cited by this paper
• Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

  2012cited by this paper
• A general definition of malware

  2010cited by this paper
• Do windows users follow the principle of least privilege?: investigating user account control practices

  2010cited by this paper
• Bringing science to digital forensics with standardized forensic corpora

  2009cited by this paper
• The user is not the enemy: fighting malware by tracking user intentions

  2008cited by this paper
• Least Privilege and More

  2003cited by this paper
• A critical review of end-user information system satisfaction research and a new research framework

  2002cited by this paper
• Correctness and composition of software architectures

  1994cited by this paper

• VM-ORAM: A Novel High-Performance ORAM Architecture for Efficient Data Integrity Verification in Industrial Cloud

  2026cites this paper
• The Erosion of Cybersecurity Zero-Trust Principles Through Generative AI: A Survey on the Challenges and Future Directions

  2025cites this paper
• Safeguarding Individuals and Organizations From Privacy Breaches: A Comprehensive Review of Problem Domains, Solution Strategies, and Prospective Research Directions

  2025cites this paper
• A conceptual framework to mitigate ransomware attacks on IoMT devices using threat intelligence: a systematic literature review

  2025cites this paper
• Privacy preserved api access control policy- based ransomware attack detection in cloud vms using sl2stm

  2025cites this paper
• Adaptive mutual information ABC and Swish-TCN: Cutting-edge approaches for feature selection and cloud security

  2025cites this paper
• A new wrapper feature selection approach for binary ransomware detection

  2025cites this paper
• Ransomware Detection through Temporal Correlation between Encryption and I/O Behavior

  2025cites this paper
• Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration

  2024influential citation
• Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks

  2024cites this paper
• XRan: Explainable deep learning-based ransomware detection using dynamic analysis

  2024cites this paper
• AI-Based Ransomware Detection: A Comprehensive Review

  2024cites this paper
• A Systematic Review and Taxonomy of Ransomware Detection Based on Artificial Intelligence Algorithms

  2024cites this paper
• Machine Learning-Based Methodology for Preventing Ransomware Attacks on Healthcare Sector

  2023cites this paper
• Applying staged event-driven access control to combat ransomware

  2023cites this paper
• Ransomware early detection: A survey

  2023cites this paper
• The threat of ransomware in the food supply chain: a challenge for food defence

  2023cites this paper
• Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

  2023cites this paper
• Cryptographic ransomware encryption detection: Survey

  2023cites this paper
• SwiftR: Cross-platform ransomware fingerprinting using hierarchical neural networks on hybrid features

  2023cites this paper
• UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

  2021cites this paper