
A New Static-Based Framework for Ransomware Detection / May Medhat Mohamed

By: May Medhat Mohamed
Material type: Text
Language: English
Summary language: English
Publication details: 2019
Description: 73 p. : ill. ; 21 cm
DDC classification: 658

Supervisor: Nashwa Abd El-Baki

Thesis (M.A.)—Nile University, Egypt, 2019.

"Includes bibliographical references"

Contents:
Abstract (p. v)
Acknowledgments (p. vii)
Ransomware (p. 1)
1.1 Ransomware Types (p. 1)
1.2 Ransomware infection vectors (p. 3)
1.3 Ransomware Attack (p. 4)
1.3.1 Ransomware Infection Execution (p. 5)
1.3.2 Ransomware targeted files (p. 5)
1.3.3 Ransomware encryption process (p. 5)
1.4 Conclusion (p. 6)
Background and Related Works (p. 7)
2.1 Ransomware analysis (p. 7)
2.1.1 Static analysis (p. 7)
2.1.2 Dynamic analysis (p. 8)
2.1.3 Hybrid analysis (p. 8)
2.1.4 Research analysis and detection technique (p. 9)
2.2 Related Work (p. 9)
2.2.1 Ransomware evolution (p. 9)
2.2.2 Ransomware vs Crypto-Currencies (p. 10)
2.2.3 Ransomware as a service (RAAS) (p. 12)
2.2.4 Ransomware vs Phones (p. 12)
2.2.5 Ransomware vs Internet of things (IOT) (p. 13)
2.2.6 Ransomware analysis and detection (p. 13)
2.2.7 Ransomware mitigation (p. 18)
2.2.8 Ransomware recovery (p. 20)
2.2.9 Ransomware research directions summary (p. 20)
2.3 Research problem statement (p. 21)
2.4 Conclusion (p. 22)
Ransomware detection framework (p. 25)
3.1 Data set selection (p. 25)
3.2 Features selection (p. 28)
3.3 Ransomware detection framework (p. 33)
3.4 Framework Case Studies (p. 36)
3.4.1 BadRabbit ransomware case (p. 36)
3.4.2 Cryakl ransomware case (p. 39)
3.5 Conclusion (p. 41)
Framework Evaluation (p. 43)
4.1 Framework Performance Metrics (p. 43)
4.2 Training set results (p. 45)
4.3 Testing set results (p. 70)
4.4 Framework results comparison (p. 73)
Conclusions and Future Work (p. 75)
Bibliography

Abstract:
Ransomware attacks are increasing rapidly, and they damage critical infrastructure and organizations all over the world. The main goal of ransomware is to encrypt important files on the victim's machine; a ransom note is then displayed to the victim demanding payment to the attacker in exchange for the decryption key. Detection and prevention of ransomware attacks have therefore become crucial challenges for information security researchers.
This research presents a new rule-based detection framework for ransomware attacks. The decision rules of the framework rely on static properties acquired from ransomware files. Once a scanned sample reaches the threshold specified by a rule, logical operations evaluate the triggered rules, and based on their results a score is assigned to the file. The score represents the certainty with which the sample can be classified as ransomware; scores range from critical to low. Various ransomware families have been detected with high accuracy and detection ratio using the presented framework.
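The abstract describes the framework only at the level of its shape: static properties are extracted from a file, each rule fires when a property crosses its threshold, the fired rules are combined logically, and the result is a weighted score mapped to a band from critical to low. The following is an added illustration of that shape in Python; it is not the thesis's code and the thesis does not state which properties or thresholds it uses. The chosen indicators (section entropy, cryptographic API imports, ransom-note strings, shadow-copy deletion commands), the thresholds, the weights and the band boundaries are all assumptions made for the example, and the two input samples are constructed by hand.

```python
"""Rule-based static scorer in the style the abstract describes (illustrative only)."""
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# ---- static property extraction -------------------------------------------

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

# Assumed indicator lists for the example; not taken from the thesis.
CRYPTO_APIS = {"CryptEncrypt", "CryptGenKey", "CryptAcquireContextW",
               "BCryptEncrypt", "CryptImportKey"}
RANSOM_MARKERS = ("your files have been encrypted", "bitcoin", "decrypt", ".onion")
SHADOW_DELETION = ("vssadmin delete shadows", "wmic shadowcopy delete")

def extract_features(sample: dict) -> Dict[str, float]:
    """Reduce a file's static view (sections, imports, strings) to numeric properties."""
    strings = [s.lower() for s in sample.get("strings", [])]
    sections = sample.get("sections", {})
    return {
        "max_section_entropy": max((shannon_entropy(d) for d in sections.values()), default=0.0),
        "crypto_import_count": len(CRYPTO_APIS.intersection(sample.get("imports", []))),
        "ransom_marker_hits": sum(any(m in s for m in RANSOM_MARKERS) for s in strings),
        "shadow_deletion": float(any(any(m in s for m in SHADOW_DELETION) for s in strings)),
    }

# ---- thresholded rules, logical combination, scoring -----------------------

@dataclass(frozen=True)
class Rule:
    name: str
    weight: int
    trigger: Callable[[Dict[str, float]], bool]

RULES: List[Rule] = [
    Rule("high_entropy_section", 2, lambda f: f["max_section_entropy"] >= 7.0),
    Rule("crypto_api_imports", 3, lambda f: f["crypto_import_count"] >= 2),
    Rule("ransom_note_strings", 3, lambda f: f["ransom_marker_hits"] >= 2),
    Rule("shadow_copy_deletion", 2, lambda f: f["shadow_deletion"] == 1.0),
    # Logical combination: crypto imports AND ransom strings together are far more
    # specific than either alone, so the conjunction earns additional weight.
    Rule("crypto_and_ransom_note", 3,
         lambda f: f["crypto_import_count"] >= 2 and f["ransom_marker_hits"] >= 2),
]

# Score floors for each band (assumed values); the maximum reachable score is 13.
BANDS: List[Tuple[int, str]] = [(9, "critical"), (6, "high"), (3, "medium"), (0, "low")]

def score_sample(sample: dict) -> Tuple[int, str, List[str]]:
    """Return (score, band, names of triggered rules) for one static sample."""
    features = extract_features(sample)
    triggered = [r for r in RULES if r.trigger(features)]
    score = sum(r.weight for r in triggered)
    band = next(label for floor, label in BANDS if score >= floor)
    return score, band, [r.name for r in triggered]

# ---- constructed inputs (not real malware) --------------------------------

RANSOMWARE_LIKE = {
    "sections": {".text": b"\x55\x8b\xec" * 100, ".data": bytes(range(256)) * 4},
    "imports": ["CryptAcquireContextW", "CryptGenKey", "CryptEncrypt", "CreateFileW"],
    "strings": ["Your files have been encrypted!", "Pay 0.5 Bitcoin to decrypt",
                "cmd /c vssadmin delete shadows /all /quiet"],
}
BENIGN_LIKE = {
    "sections": {".text": b"\x55\x8b\xec" * 100, ".rdata": b"Hello, world\0" * 50},
    "imports": ["CreateFileW", "WriteFile", "MessageBoxW"],
    "strings": ["Hello, world", "Decrypt settings file failed"],
}

if __name__ == "__main__":
    for label, s in (("ransomware-like", RANSOMWARE_LIKE), ("benign-like", BENIGN_LIKE)):
        score, band, fired = score_sample(s)
        print(f"{label}: score={score} band={band} rules={fired}")
```

The benign sample shows why per-rule thresholds matter: a single hit on the word "decrypt" is not enough to fire the ransom-note rule, so an ordinary program mentioning decryption stays in the low band. Real deployments would draw the features from a PE parser rather than from hand-built dictionaries, and would tune thresholds and weights against a labelled corpus such as the training and testing sets the thesis evaluates in chapter 4.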

Text in English, abstracts in English.
