ERW-Radar: An Adaptive Detection System against Evasive Ransomware by Contextual Behavior Detection and Fine-grained Content Analysis

Lingbo Zhao

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Ransomware

This article delves into ERW-Radar, an innovative adaptive detection system designed to combat the growing threat of **evasive ransomware**. Presented by Lingbo Zhao at the NDSS Symposium, the talk addresses critical shortcomings in traditional ransomware detection mechanisms that are increasingly bypassed by sophisticated attack techniques. Unlike conventional ransomware that exhibits obvious, high-intensity I/O behaviors, evasive variants deliberately modify their operational patterns to fly under the radar, making them exceptionally challenging to identify using existing security solutions.

AI review

Legitimate academic systems research with a real problem statement — evasive ransomware evading I/O-based detection — and a multi-component solution that shows genuine engineering thought. The contributions (correlation-based behavioral repetitiveness detection, chi-square + byte distribution content analysis, adaptive window sizing) are incremental but defensible. Nothing here redefines the field, but it's honest work presented at a venue where that standard is appropriate.
