000 07572nam a22002537a 4500
008 210125b2019 a|||f bm|| 00| 0 eng d
040 _aEG-CaNU
_cEG-CaNU
041 0 _aeng
_beng
082 _a658
100 0 _aMay Medhat Mohamed
_9306
245 1 _aA New Static-Based Framework for Ransomware Detection
_cMay Medhat Mohamed
260 _c2019
300 _a73 p.
_bill.
_c21 cm.
500 _3Supervisor: Nashwa Abd El-Baki
502 _aThesis (M.A.)—Nile University, Egypt, 2019.
504 _a"Includes bibliographical references"
505 0 _aContents: Abstract, v -- Acknowledgments, vii -- Ransomware, 1 -- 1.1 Ransomware types, 1 -- 1.2 Ransomware infection vectors, 3 -- 1.3 Ransomware attack, 4 -- 1.3.1 Ransomware infection execution, 5 -- 1.3.2 Ransomware targeted files, 5 -- 1.3.3 Ransomware encryption process, 5 -- 1.4 Conclusion, 6 -- Background and related works, 7 -- 2.1 Ransomware analysis, 7 -- 2.1.1 Static analysis, 7 -- 2.1.2 Dynamic analysis, 8 -- 2.1.3 Hybrid analysis, 8 -- 2.1.4 Research analysis and detection technique, 9 -- 2.2 Related work, 9 -- 2.2.1 Ransomware evolution, 9 -- 2.2.2 Ransomware vs crypto-currencies, 10 -- 2.2.3 Ransomware as a service (RaaS), 12 -- 2.2.4 Ransomware vs phones, 12 -- 2.2.5 Ransomware vs Internet of Things (IoT), 13 -- 2.2.6 Ransomware analysis and detection, 13 -- 2.2.7 Ransomware mitigation, 18 -- 2.2.8 Ransomware recovery, 20 -- 2.2.9 Ransomware research directions summary, 20 -- 2.3 Research problem statement, 21 -- 2.4 Conclusion, 22 -- Ransomware detection framework, 25 -- 3.1 Data set selection, 25 -- 3.2 Features selection, 28 -- 3.3 Ransomware detection framework, 33 -- 3.4 Framework case studies, 36 -- 3.4.1 BadRabbit ransomware case, 36 -- 3.4.2 Cryakl ransomware case, 39 -- 3.5 Conclusion, 41 -- Framework evaluation, 43 -- 4.1 Framework performance metrics, 43 -- 4.2 Training set results, 45 -- 4.3 Testing set results, 70 -- 4.4 Framework results comparison, 73 -- Conclusions and future work, 75 -- Bibliography.
520 3 _aAbstract: Nowadays, ransomware attacks are increasing rapidly and damage critical infrastructures and organizations all over the world. The main goal of ransomware is to encrypt important files on the victim machine; subsequently, a ransom note is displayed to the victim requesting payment to the attacker in order to obtain the decryption key. Hence, the detection and prevention of ransomware attacks have become crucial challenges for information security researchers. This research presents a new rule-based detection framework for ransomware attacks. The decision rules of the presented framework rely on static properties acquired from ransomware files. Once a scanned sample reaches the threshold specified by the rules, logical operations evaluate the triggered rules. Based on the results of these logical operations, a score is given to each file. The score given to each sample represents the certainty with which the file can be classified as ransomware; scores range from critical to low. Various ransomware families have been detected with high accuracy and detection ratio using the presented framework.
546 _aText in English, abstracts in English.
650 4 _aInformation Security
_9294
655 7 _2NULIB
_aDissertation, Academic
_9187
690 _aInformation Security
_9294
942 _2ddc
_cTH
999 _c8867
_d8867