Graduation Semester and Year

2019

Language

English

Document Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Computer Science and Engineering

First Advisor

Jiang Ming

Abstract

Systems affected by malware in the past 10 years have risen from 29 million to 780 million, which tells us it is a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets, etc. all come under malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime, data loss, and financial damages are rising, researchers continue to look for new ways to mitigate this threat. However, the common approaches have been shown to yield high false positive rates or delayed detection rates resulting in data loss. My research explores a dynamic approach for early-stage ransomware detection by modeling its behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running ransomware which is profiled for hardware calls using Intel VTune Amplifier before it compromises the system. By using this approach, I am able to generate models using hardware performance counters extracted by VTune™ on known ransomware samples collected from VirusTotal and Hybrid Analysis, and I use that data to train the detection system using machine learning techniques. I have shown that hardware performance counters can provide effective metrics for use in detecting and mitigating the ever-growing ransomware threat faced by the world while ensuring no data is lost.

Keywords

Ransomware, Hardware performance counters, Malware, Dynamic analysis, Static analysis, Anti-virus

Disciplines

Computer Sciences | Physical Sciences and Mathematics

Comments

Degree granted by The University of Texas at Arlington
