Zero Trust Architecture for Ransomware Defense in Virtualized Environment
12th International Conference on Big Data Computing, Applications and Technologies (BDCAT), Nantes, France, 1 - 04 December 2025, (Full Text Paper)
- Publication Type: Conference Paper / Full Text Paper
- DOI Number: 10.1145/3773276.3774876
- City of Publication: Nantes
- Country of Publication: France
- Kocaeli University Affiliated: Yes
Abstract
The ongoing surge of ransomware has underscored the need to shift from perimeter-based security to Zero Trust models. This paper investigates a Zero Trust Architecture (ZTA) approach to containing ransomware in a virtualized environment using least-privilege controls, micro-segmentation, and continuous monitoring. We develop an open-source, lightweight security architecture comprising Wazuh for real-time auditing and alerts, auditd for system logging, and the Uncomplicated Firewall (UFW) for network segmentation within a VirtualBox laboratory network, consisting of an Ubuntu virtual machine as the victim and a Kali virtual machine as the attacker. A simulated ransomware attack is conducted to evaluate detection latency, data impact, system overhead, and alert accuracy. The prototype ZTA framework detected ransomware activity in an average of approximately 5.3 seconds. This detection limited encryption to approximately 20% of files before containment measures were activated, while maintaining minimal CPU and memory overhead and exhibiting a low rate of false positives. These findings illustrate the successful early containment of ransomware through the implementation of Zero Trust controls. Although evaluated in a laboratory environment, the methodology is applicable to trustworthy and secure cloud or hybrid systems, improving data protection, facilitating compliance-oriented audits, and minimizing the impact of attacks.