Ransomware detection and mitigation tool

Jesper B.S. Christensen, Niels Beuschau

Abstract
Ransomware is a field in constant development. As antivirus products and detection methods are continuously improved in order to detect and mitigate ransomware, the ransomware itself becomes equally better at evading detection. New methods are regularly implemented and tested in order to optimize protection against ransomware.
The primary goal of this thesis is to create a tool able to detect and mitigate live ransomware, i.e. ransomware that has already infected the Windows 10 system on which the thesis tests. The tool combines different detection methods in order to identify a ransomware attack as quickly as possible and stop it. The tool is intended neither as an antivirus nor to be as robust as one, but solely as a tool to detect and mitigate ransomware.
Since ransomware is malware, running it on a system is not something to be done lightly, especially across many tests. All ransomware samples are therefore run on virtual machines. This means that samples with anti-simulation (virtual-machine detection) checks, which do not encrypt files once they register that they are running in a virtual machine, are not covered by the tests in this thesis.
The different variants of the detection methods have been tested against 65 different ransomware samples. The results for these variants are presented and analyzed, as are the samples the detection methods were tested against. The result of this thesis is a solution that detects active ransomware and, after a short delay, stops the encryption process, thereby stopping the active ransomware in 77% of all cases.
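The abstract describes the tool only as "detect the encryption process and, after a short delay, stop it" and does not name the detection methods it combines. As an added illustration (not the thesis's code, and not claimed to be one of its methods), the following Python sketch shows one common behavioural approach a practitioner would recognise: flag a process that writes high-entropy data to several distinct files within a short window, then terminate it. The class and function names, the thresholds (2 s window, 5 files, 7.0 bits/byte) and the input events are all constructed assumptions; the allow-list of compressed formats is a simple false-positive guard, not a complete one.

```python
import math
import os
import random
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Optional, Set, Tuple

# Formats that are legitimately high-entropy (already compressed/encrypted),
# so a high-entropy write to one of them is not evidence of encryption alone.
COMPRESSED_EXTS = {".zip", ".gz", ".7z", ".rar", ".png", ".jpg", ".mp4", ".pdf"}


@dataclass(frozen=True)
class WriteEvent:
    """One observed file write. Constructed input here; a real Windows tool
    would obtain these from a file-system minifilter or ReadDirectoryChangesW."""
    t: float     # seconds since monitoring started
    pid: int     # writing process
    path: str    # path of the file after the write (renames included)
    data: bytes  # bytes written


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: English text is roughly 4-5, ciphertext ~8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class BurstEntropyDetector:
    """Flags a process that writes high-entropy data to at least `burst`
    distinct non-compressed files within `window_s` seconds, then calls
    `mitigate(pid)` exactly once for that process (assumed interface)."""

    def __init__(self, window_s: float = 2.0, burst: int = 5,
                 entropy_min: float = 7.0,
                 mitigate: Optional[Callable[[int], None]] = None) -> None:
        self.window_s = window_s
        self.burst = burst            # files lost before the kill, at best
        self.entropy_min = entropy_min
        self.mitigate = mitigate or (lambda pid: None)
        self._recent: Dict[int, Deque[Tuple[float, str]]] = defaultdict(deque)
        self.flagged: Dict[int, float] = {}  # pid -> time it was flagged

    def is_suspicious(self, ev: WriteEvent) -> bool:
        if os.path.splitext(ev.path)[1].lower() in COMPRESSED_EXTS:
            return False
        return shannon_entropy(ev.data) >= self.entropy_min

    def observe(self, ev: WriteEvent) -> bool:
        """Feed one event; returns True if it triggered mitigation."""
        if ev.pid in self.flagged or not self.is_suspicious(ev):
            return False
        recent = self._recent[ev.pid]
        recent.append((ev.t, ev.path))
        while recent and ev.t - recent[0][0] > self.window_s:
            recent.popleft()          # drop writes outside the sliding window
        if len({p for _, p in recent}) >= self.burst:
            self.flagged[ev.pid] = ev.t
            self.mitigate(ev.pid)
            return True
        return False


def pseudo_ciphertext(n: int, seed: int) -> bytes:
    """Deterministic stand-in for encrypted file content (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def demo_events() -> List[WriteEvent]:
    """Constructed workload: an editor saving text, a backup tool writing a
    zip, and a simulated encryptor renaming documents to .locked at 5 files/s."""
    note = b"Meeting notes: budget, hiring, roadmap.\n" * 100
    evs = [WriteEvent(0.1 * i, 1001, f"C:/Users/a/Documents/note{i}.txt", note)
           for i in range(6)]
    evs.append(WriteEvent(0.5, 1002, "C:/Backups/docs.zip", pseudo_ciphertext(4096, 99)))
    evs += [WriteEvent(1.0 + 0.2 * i, 4242,
                       f"C:/Users/a/Documents/report{i}.docx.locked",
                       pseudo_ciphertext(4096, i)) for i in range(8)]
    return sorted(evs, key=lambda e: e.t)


def run(events: List[WriteEvent]) -> Tuple[Dict[int, float], Dict[int, int]]:
    """Replay events; returns (pid -> time flagged, pid -> distinct files the
    flagged process managed to write before it was stopped)."""
    killed: Set[int] = set()
    det = BurstEntropyDetector(mitigate=killed.add)
    written: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        if ev.pid in killed:      # a terminated process writes nothing further
            continue
        written[ev.pid].add(ev.path)
        det.observe(ev)
    lost = {pid: len(written[pid]) for pid in det.flagged}
    return det.flagged, lost
```

On the constructed workload the encryptor (pid 4242) is flagged at its fifth distinct high-entropy write and stopped, while the text editor and the backup tool are not; the five files written before the trigger are the "short delay" the abstract mentions, and lowering `burst` trades that damage against false positives on legitimate bulk writers. In a real deployment the `mitigate` callback would terminate the process (on Windows, `os.kill(pid, signal.SIGTERM)` calls TerminateProcess), and a sample that names its output `.zip` or encrypts slowly would slip past this single heuristic, which is why a tool of the kind the abstract describes combines several detection methods rather than one.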
Type: Master's thesis [Academic thesis]
Year: 2017
Publisher: Technical University of Denmark, Department of Applied Mathematics and Computer Science
Address: Richard Petersens Plads, Building 324, DK-2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk
Series: DTU Compute M.Sc.-2017
Note: DTU supervisor: Christian D. Jensen, cdje@dtu.dk, DTU Compute
Electronic version(s): [pdf]
Publication link: http://www.compute.dtu.dk/english
BibTeX data: [bibtex]
IMM Group(s): Computer Science & Engineering