TY  - JOUR
T1  - A Study on Micro-Segmentation Based File-Encrypting Ransomware Detection
AU  - Seo, Jung-woo
JO  - The Journal of Korean Institute of Communications and Information Sciences
PY  - 2023
DA  - 2023/1/14
DO  - 10.7840/kics.2023.48.9.1114
KW  - Ransomware
KW  - Micro-segmentation
KW  - Anomaly detection
KW  - Malware
AB  - Traditional perimeter-focused security measures have limitations in a complex and diversifying IT infrastructure environment. Traditional perimeter firewalls cannot effectively detect attackers who have crossed the perimeter and entered the trust zone. While organizations take proactive steps to reduce the scope of attacks, it is difficult to stop data leaks. Therefore, organizations need to enhance their ability to detect and prevent lateral movement. The proposed methodology is based on micro-segmentation to separate directories and files into regions, organize directories and files into blocks, and then detect anomalies. The experiment utilized real data from a virtualized environment and measured the time to detect file-encrypting ransomware by executing the malware.