[2601.16795] Building a Robust Risk-Based Access Control System to Combat Ransomware's Capability to Encrypt
Computer Science > Cryptography and Security

arXiv:2601.16795 (cs)
[Submitted on 23 Jan 2026 (v1), last revised 21 Mar 2026 (this version, v2)]

Title: Building a Robust Risk-Based Access Control System to Combat Ransomware's Capability to Encrypt
Authors: Kenan Begovic, Abdulaziz Al-Ali, Qutaibah Malluhi

Abstract: Ransomware's core capability, unauthorized encryption, demands controls that identify and block malicious cryptographic activity without disrupting legitimate use. We present a probabilistic, risk-based access control architecture that couples machine learning inference with mandatory access control to regulate encryption on Linux in real time. The system builds a specialized dataset from the native ftrace framework using the function_graph tracer, yielding high-resolution kernel-function execution traces augmented with resource and I/O counters. These traces support both a supervised classifier and interpretable rules that drive an SELinux policy via lightweight booleans, enabling context-sensitive permit/deny decisions at the moment encryption begins. Compared to approaches centered on sandboxing, hypervisor introspection, or coarse system-call telemetry, the function-level tracing we adopt provides finer behavioral granularity than syscall-only telemetr...