Real-time open-file backup system with machine-learning detection model for ransomware

The recent rapid increase in ransomware attacks has heightened threat levels for various targets, including critical infrastructure. Traditional signature-based detection methods are effective against known ransomware but struggle to address unknown and obfuscated attacks. Furthermore, in current machine-learning-based detection approaches, files are at risk of encryption during the detection time, i.e., the time taken from detection of the ransomware to its termination. In response to these issues, this study proposes the Real-time Open-File Backup System (ROFBS), which aims to minimize encryption damage by performing immediate backups upon file opening detection. We conduct three experiments to evaluate the effectiveness of ROFBS. First, we measure the backup ratio during ransomware attacks and find consistently high backup rates for ROFBS. Second, we analyze detection time trends and find that longer detection times correlate with an increase in encrypted files. Third, we measure central processing unit, memory, and disk input/output usage. Results indicate that the impact of ROFBS on normal system performance is minimal. These experiments not only quantitatively demonstrate the effectiveness of ROFBS but also highlight the importance of considering detection time in future research. The results of this study suggest that ROFBS can enhance defense against ransomware attacks and ensure data security.