A New Static-Based Framework for Ransomware Detection (Record no. 8867)
| 000 -LEADER | |
|---|---|
| fixed length control field | 07572nam a22002537a 4500 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 210125b2019 a|||f bm|| 00| 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | EG-CaNU |
| Transcribing agency | EG-CaNU |
| 041 0# - Language Code | |
| Language code of text | eng |
| Language code of abstract | eng |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 658 |
| 100 0# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | May Medhat Mohamed |
| 245 1# - TITLE STATEMENT | |
| Title | A New Static-Based Framework for Ransomware Detection |
| Statement of responsibility, etc. | May Medhat Mohamed |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Date of publication, distribution, etc. | 2019 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 73 p. |
| Other physical details | ill. |
| Dimensions | 21 cm. |
| 500 ## - GENERAL NOTE | |
| Materials specified | Supervisor: Nashwa Abd El-Baki |
| 502 ## - Dissertation Note | |
| Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2019. |
| 504 ## - Bibliography | |
| Bibliography | "Includes bibliographical references" |
| 505 0# - Contents | |
| Formatted contents note | Contents:<br/>Abstract, v<br/>Acknowledgments, vii<br/>Ransomware, 1<br/>1.1 Ransomware Types, 1<br/>1.2 Ransomware infection vectors, 3<br/>1.3 Ransomware Attack, 4<br/>1.3.1 Ransomware Infection Execution, 5<br/>1.3.2 Ransomware targeted files, 5<br/>1.3.3 Ransomware encryption process, 5<br/>1.4 Conclusion, 6<br/>Background and Related Works, 7<br/>2.1 Ransomware analysis, 7<br/>2.1.1 Static analysis, 7<br/>2.1.2 Dynamic analysis, 8<br/>2.1.3 Hybrid analysis, 8<br/>2.1.4 Research analysis and detection technique, 9<br/>2.2 Related Work, 9<br/>2.2.1 Ransomware evolution, 9<br/>2.2.2 Ransomware vs Crypto-Currencies, 10<br/>2.2.3 Ransomware as a service (RAAS), 12<br/>2.2.4 Ransomware vs Phones, 12<br/>2.2.5 Ransomware vs Internet of things (IOT), 13<br/>2.2.6 Ransomware analysis and detection, 13<br/>2.2.7 Ransomware mitigation, 18<br/>2.2.8 Ransomware recovery, 20<br/>2.2.9 Ransomware research directions summary, 20<br/>2.3 Research problem statement, 21<br/>2.4 Conclusion, 22<br/>Ransomware detection framework, 25<br/>3.1 Data set selection, 25<br/>3.2 Features selection, 28<br/>3.3 Ransomware detection framework, 33<br/>3.4 Framework Case Studies, 36<br/>3.4.1 BadRabbit ransomware case, 36<br/>3.4.2 Cryakl ransomware case, 39<br/>3.5 Conclusion, 41<br/>Framework Evaluation, 43<br/>4.1 Framework Performance Metrics, 43<br/>4.2 Training set results, 45<br/>4.3 Testing set results, 70<br/>4.4 Framework results comparison, 73<br/>Conclusions and Future Work, 75<br/>Bibliography |
| 520 3# - Abstract | |
| Abstract | Abstract:<br/>Nowadays, ransomware attacks are increasing rapidly. They damage critical infrastructures and organizations all over the world. The main target of ransomware is encrypting important files on the targeted victim machine using encryption techniques. Subsequently, a ransom note is displayed to the victim requesting payment to the attacker in order to get the decryption key. Hence, ransomware attack detection and prevention have become crucial challenges for information security researchers.<br/>This research presents a new rule-based detection framework for ransomware attacks. The decision rules of the presented framework rely on static properties acquired from ransomware files. Once the scanned sample reaches the threshold specified by the rules, logical operations evaluate the triggered rule. Based on the results of the logical operations, a score is given to each file. The score given to each sample represents the certainty of whether this file can be classified as ransomware or not. Scores assigned to samples range from critical to low. Various ransomware families have been detected with high accuracy and detection ratio using the presented framework. |
| 546 ## - Language Note | |
| Language Note | Text in English, abstracts in English. |
| 650 #4 - Subject | |
| Subject | Information Security |
| 655 #7 - Index Term-Genre/Form | |
| Source of term | NULIB |
| focus term | Dissertation, Academic |
| 690 ## - Subject | |
| School | Information Security |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Dewey Decimal Classification |
| Koha item type | Thesis |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Home library | Current library | Date acquired | Total Checkouts | Full call number | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | Dewey Decimal Classification | | Not For Loan | Main library | Main library | 01/25/2021 | | 658 / M.M.N / 2019 | 01/25/2021 | 01/25/2021 | Thesis |