Sunday, February 9, 2025

New ‘SHIELD’ Platform Leverages FPGA and Off-Host Monitoring to Tackle Advanced Ransomware Threats


In a significant advancement against increasingly sophisticated ransomware threats, researchers from NYU Tandon School of Engineering have introduced SHIELD (Secure Host-Independent Extensible Logging), an innovative detection architecture.

This system leverages hardware-level, tamper-proof metrics for real-time ransomware identification.

By operating independently of compromised host systems, SHIELD addresses a critical gap in existing detection frameworks, offering unparalleled security against ransomware’s rapid and covert encryption techniques.

Revolutionizing Ransomware Detection Through Hardware Isolation

SHIELD integrates FPGA-based open-source SATA and Network Block Device (NBD) technologies to achieve hardware-level isolation.

Unlike traditional methods reliant on host systems prone to tampering, SHIELD collects and analyzes metrics directly at multiple hardware layers, including the SATA interface, FPGA, and the EXT4 file system.

This framework lets it observe and analyze fine-grained storage activity in real time, distinguishing between benign and malicious software.

Researchers conducted comprehensive case studies involving 10 ransomware families and 10 benign software applications.

SHIELD successfully identified key behavioral differences linked to ransomware, such as unusually high inode and data block access rates during encryption processes.

For instance, variants like LockBit and BlackCat, which are capable of encrypting tens of thousands of files per minute, were effectively detected thanks to SHIELD’s detailed metric capture.

Capabilities

The SHIELD system offers three major innovations:

  1. Multi-Level Tamper-Proof Metrics: By collecting intricate data at various hardware levels, SHIELD enables real-time anomaly detection without relying on vulnerable host systems.
  2. Enhanced FPGA-Based Storage Functionality: SHIELD expands the capabilities of an open-source SATA Host Bus Adapter (HBA) to support full disk operations, enabling seamless integration with NBD-based storage over Ethernet.
  3. Foundational Support for Machine Learning (ML): The collected metrics lay the groundwork for ML-assisted automated detection, enabling future development of intelligent ASIC-based security mechanisms.

The architecture supports both physical SATA storage devices and virtual storage environments, ensuring scalability and compatibility with diverse operational needs.

SHIELD’s experimental results highlight its efficacy in identifying ransomware. The system’s hardware-level metrics, such as inode writes and data block reads, revealed stark differences between benign and ransomware programs.

Ransomware consistently showed higher inode modifications per second, a key indicator of malicious behavior.

Benign software exhibited stable disk access patterns, allowing SHIELD to uniquely fingerprint safe applications versus ransomware.
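To make the metric-based distinction concrete, here is an added illustration (not SHIELD’s code, and the traces are constructed rather than taken from the study): a benign trace supplies per-second baselines for inode writes and data block reads, and a span is flagged only when both metrics stay well above baseline for several consecutive seconds, so a one-second benign burst is not treated as encryption.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Sample:
    t: int             # seconds since monitoring started
    inode_writes: int  # inode (metadata) modifications observed this second
    block_reads: int   # data blocks read this second

def thresholds(reference, k=4.0):
    """Per-metric cut-offs (mean + k*stddev) learned from a benign trace."""
    iw = [s.inode_writes for s in reference]
    br = [s.block_reads for s in reference]
    return mean(iw) + k * pstdev(iw), mean(br) + k * pstdev(br)

def flag_spans(trace, iw_cut, br_cut, min_consecutive=3):
    """Return (start_t, end_t) spans in which BOTH metrics exceed their
    cut-offs for at least min_consecutive consecutive seconds. Single-
    second spikes (a package install, a log rotation) are not flagged."""
    spans, start, run = [], None, 0
    for s in trace:
        hot = s.inode_writes > iw_cut and s.block_reads > br_cut
        if hot:
            start = s.t if start is None else start
            run += 1
            continue
        if run >= min_consecutive:
            spans.append((start, s.t - 1))
        start, run = None, 0
    if run >= min_consecutive:           # trace ended while still hot
        spans.append((start, trace[-1].t))
    return spans

def _trace(pairs):
    return [Sample(t, iw, br) for t, (iw, br) in enumerate(pairs)]

# Constructed traces (hypothetical, not measurements from the paper): steady
# benign I/O, a one-second benign burst, and a sustained read-then-rewrite run.
BENIGN = _trace([(3, 40), (5, 55), (2, 30), (4, 48), (6, 60),
                 (3, 42), (4, 50), (5, 52), (2, 35), (4, 45)])
BURST = _trace([(4, 45), (60, 700), (3, 40), (4, 46), (5, 50)])
ENCRYPTING = _trace([(4, 45), (3, 40), (350, 2100), (420, 2600),
                     (390, 2400), (410, 2500), (5, 50), (4, 44)])

def detect(trace, reference=BENIGN):
    iw_cut, br_cut = thresholds(reference)
    return flag_spans(trace, iw_cut, br_cut)

if __name__ == "__main__":
    for name, tr in (("benign", BENIGN), ("burst", BURST), ("encrypting", ENCRYPTING)):
        print(name, detect(tr))
```

In a real deployment the reference trace would be collected off-host from the storage path, as the article describes, so a compromised host cannot rewrite the baseline.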

The study also demonstrated that SHIELD’s host-independent framework maintained accuracy while being impervious to tampering, a critical advantage over traditional host-dependent approaches.

Comparative analysis with existing ransomware detection methods underscores SHIELD’s superiority.

While traditional solutions like file integrity monitoring or cloud-based systems offer partial protections, they lack the granularity or host independence SHIELD provides.

Moreover, SHIELD’s ability to seamlessly integrate into on-site infrastructure addresses organizational concerns over data sovereignty and privacy.

Looking ahead, the researchers plan to integrate machine learning models for automated ransomware detection and mitigation.

Additionally, embedding SHIELD within specialized ASICs or storage controllers could deliver high-speed, low-latency malware detection directly within hardware.

Such advancements would position SHIELD as a cornerstone technology for secure data storage and ransomware defense.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
