Graduation Semester and Year
2017
Language
English
Document Type
Thesis
Degree Name
Master of Science in Computer Science
Department
Computer Science and Engineering
First Advisor
Jiang Ming
Abstract
Ransomware is a faster growing threat that encrypts user’s files and locks the computer and holds the key required to decrypt the files for ransom. Over the past few years, the impact of ransomware has increased exponentially. There have been several reported high profile ransomware attacks, such as CryptoLocker, CryptoWall, WannaCry, Petya and Bad Rabbit which have collectively cost individuals and companies well over a billion dollars according to FBI. As the threat of ransomware has become more prevalent, security companies and researchers have begun proposing new approaches for detection and prevention of ransomware. However, these approaches generally lack dynamicity and are either prone to a high false positive rate, or they detect ransomware after some amount of data loss has occurred. This research represents a dynamic approach to ransomware analysis and is specifically developed to detect ransomware on the user’s data. It starts by generating an artificial user environment using Cuckoo Sandbox and monitoring system behavior using Process Monitor to analyze ransomware in its early stages before it interacts with the user’s files. By utilizing a Cuckoo sandbox with Process Monitor, I can generate a detailed report of system activities from which ransomware behavior is analyzed. This model also keeps a record of file access rates and other file-related details in order to track potentially malicious behavior. In this paper, I demonstrate the ability of the model to identify Ransomware by providing a training set that consist of known ransomware families and samples listed on VirusTotal.
Keywords
Ransomware, Malware, Dynamic analysis, Antivirus
Disciplines
Computer Sciences | Physical Sciences and Mathematics
License
This work is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 4.0 International License.
Recommended Citation
Kardile, Ashwini Balkrushna, "CRYPTO RANSOMWARE ANALYSIS AND DETECTION USING PROCESS MONITOR" (2017). Computer Science and Engineering Theses. 35.
https://mavmatrix.uta.edu/cse_theses/35
Comments
Degree granted by The University of Texas at Arlington