ORCID Identifier(s)

0000-0003-1535-9019

Graduation Semester and Year

2017

Language

English

Document Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Computer Science and Engineering

First Advisor

Jiang Ming

Abstract

Ransomware is a fast-growing threat that encrypts a user's files, locks the computer, and holds the key required to decrypt the files for ransom. Over the past few years, the impact of ransomware has increased exponentially. There have been several reported high-profile ransomware attacks, such as CryptoLocker, CryptoWall, WannaCry, Petya and Bad Rabbit, which have collectively cost individuals and companies well over a billion dollars according to the FBI. As the threat of ransomware has become more prevalent, security companies and researchers have begun proposing new approaches for the detection and prevention of ransomware. However, these approaches are generally not dynamic and are either prone to a high false positive rate or detect ransomware only after some amount of data loss has occurred. This research presents a dynamic approach to ransomware analysis, specifically developed to detect ransomware before it acts on the user's data. It starts by generating an artificial user environment using Cuckoo Sandbox and monitoring system behavior using Process Monitor, so that ransomware can be analyzed in its early stages, before it interacts with the user's files. By combining Cuckoo Sandbox with Process Monitor, I can generate a detailed report of system activities from which ransomware behavior is analyzed. The model also keeps a record of file access rates and other file-related details in order to track potentially malicious behavior. In this paper, I demonstrate the ability of the model to identify ransomware using a training set that consists of known ransomware families and samples listed on VirusTotal.
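As an added illustration (not code from the thesis), the following shows the kind of file-access-rate check the abstract describes, run over constructed Process Monitor-style CSV lines: it counts how many distinct files each process writes, renames or deletes inside a sliding time window and flags a burst. The column names follow ProcMon's CSV export, but the simplified time format, the operation set, the window length and the threshold are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Process Monitor-style CSV export (assumption: ProcMon column names,
# simplified "Time of Day" format; the crypt.exe process is a made-up example).
SAMPLE_PROCMON_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result
10:00:00.150,explorer.exe,1200,WriteFile,C:\Users\alice\Documents\notes.txt,SUCCESS
10:00:01.050,crypt.exe,4321,WriteFile,C:\Users\alice\Documents\a.docx,SUCCESS
10:00:01.100,crypt.exe,4321,WriteFile,C:\Users\alice\Documents\b.docx,SUCCESS
10:00:01.150,crypt.exe,4321,WriteFile,C:\Users\alice\Documents\c.xlsx,SUCCESS
10:00:01.250,crypt.exe,4321,WriteFile,C:\Users\alice\Pictures\d.jpg,SUCCESS
10:00:01.300,crypt.exe,4321,WriteFile,C:\Users\alice\Pictures\e.jpg,SUCCESS
10:00:01.350,crypt.exe,4321,SetDispositionInformationFile,C:\Users\alice\Pictures\e.jpg,SUCCESS
10:00:01.400,crypt.exe,4321,WriteFile,C:\Users\alice\Documents\f.pdf,SUCCESS
10:00:05.000,backup.exe,777,WriteFile,D:\backup\a.docx,SUCCESS
10:00:09.000,backup.exe,777,WriteFile,D:\backup\b.docx,SUCCESS
"""

# ProcMon operations that change a user's file: write, rename, delete.
MODIFYING_OPS = {"WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile"}

def parse_events(csv_text):
    """Yield (timestamp, process, pid, path) for successful file-modifying operations."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] in MODIFYING_OPS and row["Result"] == "SUCCESS":
            ts = datetime.strptime(row["Time of Day"], "%H:%M:%S.%f")
            yield ts, row["Process Name"], int(row["PID"]), row["Path"]

def peak_modification_rate(csv_text, window_seconds=2.0):
    """Per (process, pid): the most distinct files modified inside any sliding window."""
    by_proc = defaultdict(list)
    for ts, proc, pid, path in parse_events(csv_text):
        by_proc[(proc, pid)].append((ts, path))
    window = timedelta(seconds=window_seconds)
    peaks = {}
    for key, events in by_proc.items():
        events.sort()
        # For each event as window start, count distinct paths touched within the window.
        peaks[key] = max(len({p for t, p in events[i:] if t - start <= window})
                         for i, (start, _) in enumerate(events))
    return peaks

def flag_suspicious(csv_text, threshold=5, window_seconds=2.0):
    """Return (process, pid) pairs whose burst of file modifications reaches the threshold."""
    peaks = peak_modification_rate(csv_text, window_seconds)
    return sorted(k for k, n in peaks.items() if n >= threshold)
```

A single burst counter like this is only one feature; a real model would combine it with the other file-related details the abstract mentions to keep the false positive rate down for legitimate bulk writers such as backup tools.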

Keywords

Ransomware, Malware, Dynamic analysis, Antivirus

Disciplines

Computer Sciences | Physical Sciences and Mathematics

Comments

Degree granted by The University of Texas at Arlington
