NORMA eResearch @NCI Library

Zero Trust Architecture for Ransomware Defense in Virtualized Environment

Dhumal, Atharva, Ghaleb, Mustafa, Abdelsalam, Samah, Moldovan, Arghir-Nicolae and Hamdan Mohamed, Mosab (2025) Zero Trust Architecture for Ransomware Defense in Virtualized Environment. In: BDCAT '25: Proceedings of the IEEE/ACM 12th International Conference on Big Data Computing, Applications and Technologies. ACM, Nantes, pp. 1-7. ISBN 979-840072286-8

Official URL: https://doi.org/10.1145/3773276.3774876

Abstract

The ongoing surge of ransomware has underscored the need to shift from perimeter-based security to Zero Trust models. This paper investigates a Zero Trust Architecture (ZTA) approach to containing ransomware in a virtualized environment using least-privilege controls, micro-segmentation, and continuous monitoring. We develop an open-source, lightweight security architecture comprising Wazuh for real-time auditing and alerts, auditd for system logging, and the Uncomplicated Firewall (UFW) for network segmentation within a VirtualBox laboratory network, with an Ubuntu virtual machine as the victim and a Kali virtual machine as the attacker. A simulated ransomware attack is conducted to evaluate detection latency, data impact, system overhead, and alert accuracy. The prototype ZTA framework detected ransomware activity in an average of ≈ 5.3 seconds. This detection limited encryption to approximately 20% of files prior to the activation of containment measures, while maintaining minimal CPU and memory overhead and exhibiting a low rate of false positives. These findings illustrate the successful early containment of ransomware via the implementation of Zero Trust controls. Although evaluated in a laboratory environment, the methodology is applicable to trustworthy and secure cloud or hybrid systems by improving data protection, facilitating compliance-oriented audits, and minimizing the impact of attacks.
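The abstract describes a pipeline in which auditd records file writes, a Wazuh rule turns a burst of such writes into an alert, and UFW then isolates the victim. The following Python script is an added example of that loop and is not code from the paper: it parses constructed auditd-style SYSCALL/PATH records, raises an alert when one process modifies many distinct watched files within a short window, measures detection latency and the share of files touched before containment takes effect, and renders the isolation step as UFW commands. The watch path, the thresholds, the containment delay, the file counts and the Wazuh manager address are all assumptions made for this example, not values reported in the paper.

```python
"""Ransomware burst detection over auditd records (added example, not the paper's code)."""
import re
from collections import defaultdict, deque

WATCHED_DIR = "/home/victim/docs"   # assumed path of an auditd watch rule
TOTAL_FILES = 25                    # assumed number of files under that directory
WAZUH_MANAGER = "192.0.2.5"         # assumed manager address (documentation range)


def audit_event(ts, serial, pid, comm, path):
    """Render one write as auditd's SYSCALL + PATH record pair (constructed data)."""
    return (
        f'type=SYSCALL msg=audit({ts:.3f}:{serial}): arch=c000003e syscall=257 '
        f'success=yes exit=3 pid={pid} uid=1000 comm="{comm}" key="doc_watch"\n'
        f'type=PATH msg=audit({ts:.3f}:{serial}): item=1 name="{path}" nametype=NORMAL'
    )


def build_sample_log():
    """Constructed log: a benign editor saving two files, then a process
    rewriting every watched file once every 0.5 s (ransomware-like burst)."""
    events, serial = [], 100
    for ts, fname in ((10.0, "notes.txt"), (50.0, "todo.txt")):
        events.append(audit_event(1700000000 + ts, serial, 1200, "vim", f"{WATCHED_DIR}/{fname}"))
        serial += 1
    for i in range(TOTAL_FILES):
        events.append(audit_event(1700000100 + 0.5 * i, serial, 4321, "encrypt",
                                  f"{WATCHED_DIR}/doc{i:02d}.docx"))
        serial += 1
    return "\n".join(events)


MSG_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def parse_audit(text):
    """Join SYSCALL and PATH records by serial; return sorted (ts, pid, comm, path)."""
    syscalls, paths = {}, {}
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        ts, serial = float(m.group(1)), m.group(2)
        if line.startswith("type=SYSCALL"):
            pid = int(re.search(r"\bpid=(\d+)", line).group(1))
            comm = re.search(r'comm="([^"]*)"', line).group(1)
            syscalls[serial] = (ts, pid, comm)
        elif line.startswith("type=PATH"):
            paths[serial] = re.search(r'name="([^"]*)"', line).group(1)
    return sorted((ts, pid, comm, paths[s]) for s, (ts, pid, comm) in syscalls.items() if s in paths)


def detect(events, threshold=6, window=5.0):
    """Per-pid sliding window: alert when a process writes >= threshold distinct
    watched files within `window` seconds. Returns the first alert or None."""
    recent, first_seen = defaultdict(deque), {}
    for ts, pid, comm, path in events:
        first_seen.setdefault(pid, ts)
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > window:      # drop writes outside the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold:
            return {"pid": pid, "comm": comm, "alert_ts": ts,
                    "latency_s": ts - first_seen[pid], "files_at_alert": len(distinct)}
    return None


def impact(events, alert, containment_delay=1.0, total_files=TOTAL_FILES):
    """Distinct files the flagged process touched before containment took effect."""
    cutoff = alert["alert_ts"] + containment_delay
    hit = {path for ts, pid, _, path in events if pid == alert["pid"] and ts <= cutoff}
    return {"files_hit": len(hit), "fraction": len(hit) / total_files}


def containment_commands(manager=WAZUH_MANAGER):
    """UFW commands that isolate the victim while keeping the Wazuh agent channel
    (1514/tcp events, 1515/tcp enrollment). Returned as strings; nothing is executed."""
    return [
        "ufw --force reset",
        "ufw default deny incoming",
        "ufw default deny outgoing",
        f"ufw allow out to {manager} port 1514 proto tcp",
        f"ufw allow out to {manager} port 1515 proto tcp",
        "ufw --force enable",
    ]


def run(threshold=6, window=5.0, containment_delay=1.0):
    events = parse_audit(build_sample_log())
    alert = detect(events, threshold, window)
    if alert is None:
        return {"alert": None}
    return {"alert": alert, "impact": impact(events, alert, containment_delay),
            "containment": containment_commands()}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

With the constructed log the alert fires on the sixth distinct file 2.5 s after the process's first write, and two more files are hit during the assumed 1 s containment delay, so 8 of 25 files (32%) are touched before isolation; the editor process never crosses the threshold. Raising the window or lowering the threshold trades detection latency against false positives, which is the balance the paper's evaluation measures.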

Item Type: Book Section
Uncontrolled Keywords: Auditd; Micro-Segmentation; Ransomware; Ransomware Containment; Uncomplicated Firewall; Virtualized Lab; Wazuh; Zero Trust Architecture
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
T Technology > TA Engineering (General). Civil engineering (General) > Systems engineering > Simulation methods
Divisions: School of Computing > Staff Research and Publications
Depositing User: Tamara Malone
Date Deposited: 21 Jan 2026 10:39
Last Modified: 21 Jan 2026 10:39
URI: https://norma.ncirl.ie/id/eprint/9110
