Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach

van Sloun, Christian; Woeste, Vincent; Wolsing, Konrad; Pennekamp, Jan; Wehrle, Klaus

doi:10.5281/zenodo.14249682

Published November 30, 2024 | Version v1

Software Open

Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach

1. RWTH Aachen University
2. Cyber Analysis & Defense, Fraunhofer FKIE

This artifact contains the code to reproduce the experiments for the NDSS'25 paper: Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach. The paper's results were obtained by running on a Windows 11 22H2 Pro machine equipped with a SATA SSD and this repository provides instructions to run the benchmarks on real hardware.

A pre-compiled version of the driver is contained in IRPLogger_compiled_amd64.zip.

Files

ndss25_764_artifacts.zip

Files (747.5 MB)

Name	Size	Download all
IRPLogger_compiled_amd64.zip md5:2444fadeae7e46e7024d2f9ba6654aba	43.9 kB	Preview Download
ndss25_764_artifacts.zip md5:035c5a9b2c53a17a7e738c62446fb274	747.5 MB	Preview Download

Additional details

Programming language: Python, C++, Jupyter Notebook

Views

Downloads

Show more details

	All versions	This version
Views	93	93
Downloads	30	30
Data volume	12.0 GB	12.0 GB

More info on how stats are collected....

DOI

Resource type

Software

Publisher

Zenodo

Languages

English

License

GNU General Public License v3.0 or later

Permissions of this strong copyleft license are conditioned on making available complete source code of licensed works and modifications, which include larger works using a licensed work, under the same license. Copyright and license notices must be preserved. Contributors provide an express grant of patent rights. Read more

Technical metadata

Created: December 1, 2024
Modified: December 1, 2024

Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach

Creators

Description

Files

ndss25_764_artifacts.zip

Files (747.5 MB)

Additional details

Software