Optimization of Audit Daemon for Preventing Ransomware Attacks on Linux Servers

Jacob Lumbantoruan, Bimo Makarim, Nanang Trianto, Kiko Wahyudi Setiawan

2025

Abstract

Ransomware is one of the growing cybersecurity threats, causing financial losses and operational disruptions. This study aims to develop a ransomware detection and response system in a Linux environment by utilizing Auditd as a process monitoring tool. The system is designed to detect suspicious programs using Auditd, analyze them through VirusTotal to verify whether the programs are ransomware, and automatically terminate processes detected as ransomware. Testing was conducted on three versions of Ubuntu (18.04, 20.04, and 22.04) using four ransomware samples: Shougolock, AvosLocker, InterLock, and MarioLocker. The evaluation parameters used were Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). The test results showed that the system was able to detect ransomware with an average MTTD of 503.7 ms and respond with an average MTTR of 15.8 ms consistently across all Ubuntu versions. Ubuntu 20.04 demonstrated the best performance in detection, while Ubuntu 18.04 excelled in response speed. These results demonstrate that the developed system is effective in detecting and addressing ransomware threats across various Ubuntu environments, with potential for further improvement through configuration optimization and integration of additional security tools.


Paper Citation


in Harvard Style

Lumbantoruan J., Makarim B., Trianto N. and Wahyudi Setiawan K. (2025). Optimization of Audit Daemon for Preventing Ransomware Attacks on Linux Servers. In Proceedings of the 1st International Conference on Research and Innovations in Information and Engineering Technology - Volume 1: RITECH; ISBN 978-989-758-784-9, SciTePress, pages 114-121. DOI: 10.5220/0014266200004928


in Bibtex Style

@conference{ritech25,
author={Jacob Lumbantoruan and Bimo Makarim and Nanang Trianto and Kiko Wahyudi Setiawan},
title={Optimization of Audit Daemon for Preventing Ransomware Attacks on Linux Servers},
booktitle={Proceedings of the 1st International Conference on Research and Innovations in Information and Engineering Technology - Volume 1: RITECH},
year={2025},
pages={114-121},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0014266200004928},
isbn={978-989-758-784-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 1st International Conference on Research and Innovations in Information and Engineering Technology - Volume 1: RITECH
TI - Optimization of Audit Daemon for Preventing Ransomware Attacks on Linux Servers
SN - 978-989-758-784-9
AU - Lumbantoruan J.
AU - Makarim B.
AU - Trianto N.
AU - Wahyudi Setiawan K.
PY - 2025
SP - 114
EP - 121
DO - 10.5220/0014266200004928
PB - SciTePress