Ransomware : a system centric detection approach

Cardinal Scholar

dc.contributor.advisor Zage, Dolores M.
dc.contributor.author Cromis, Brian R.
dc.date.accessioned 2017-05-09T13:02:54Z
dc.date.available 2017-05-09T13:02:54Z
dc.date.issued 2017-05-06
dc.identifier.uri http://cardinalscholar.bsu.edu/handle/123456789/200699
dc.description.abstract There are three approaches taken to analyze defenses against ransomware: signature-based patterns, similar to virus detection; observing execution behavior, such as deleting a large number of files and changing file types; and a data-centric method that watches for changes to the contents of the victim’s files. A fourth method currently being investigated focuses on the network connection used between the ransomware payload and its associated Command & Control server. In order to fully understand ransomware’s operation, researchers need to use dynamic analysis, which has its own risks when dealing with known/unknown ransomware samples. Without the use of dynamic analysis, researchers are limited to static analysis of ransomware samples, which can form the basis for some types of detection techniques. However, to test these techniques, these samples still require execution. Therefore, a fully dedicated system that would contain the sample’s potential damage, a ransomware suite called SylverWare, was created to test ransomware samples. With the SylverWare ransomware sample, the different detection approaches were studied. In each case, SylverWare was shown to be able to circumvent each detection method. It can be said that SylverWare is the Achilles’ heel of ransomware detection.
dc.description.sponsorship Department of Computer Science
dc.description.tableofcontents What is ransomware? -- Ransomware propagation -- Three main encryption operation variants -- Current defenses -- Related work -- Creation of sample ransomware -- SylverWare : custom ransomware for analysis -- Overview of SylverWare's operation -- Static analysis of SylverWare -- SylverWare's infection success against current detection methods.
dc.subject.lcsh Malware (Computer software) -- Identification.
dc.subject.lcsh Intrusion detection systems (Computer security)
dc.subject.other SylverWare (Computer program)
dc.title Ransomware : a system centric detection approach en_US
dc.description.degree Thesis (M.S.) en_US
dc.identifier.cardcat-url http://liblink.bsu.edu/uhtbin/catkey/1851499


This item appears in the following Collection(s)

  • Master's Theses [5454]
    Master's theses submitted to the Graduate School by Ball State University master's degree candidates in partial fulfillment of degree requirements.
