dc.contributor.author | Mansha, Ayesha |
dc.date.accessioned | 2022-10-18T08:02:33Z |
dc.date.available | 2022-10-18T08:02:33Z |
dc.date.issued | 2022 |
dc.identifier.uri | http://10.250.8.41:8080/xmlui/handle/123456789/31083 |
dc.description.abstract | The number of incidents involving ransomware has reached an alarming level. Organizations worldwide have suffered financial loss as a result of having their data encrypted by this type of malware. Some organizations have had no choice but to pay exorbitant sums to obtain the decryption key and restore access to their data. Others have not been so fortunate and have had their private data published online, deleted, or left permanently inaccessible. One type of ransomware, called locker ransomware, has a slightly different mode of operation. Instead of encrypting the victim's data, it locks the victim's system or files. A ransom is demanded in return for restoration of access. In order to address the threat posed by locker ransomware, we propose a simple and automated approach for its detection and prediction. We collected and analysed the behaviour of locker ransomware and benign software in a sandbox environment. The APIs called and the registry keys triggered were recorded. The data was then pre-processed, refined, and compiled into a dataset. The Locker Ransomware Detection and Prediction Algorithm (LRDPA) was then implemented. This algorithm contains two tiers. The first tier implements static detection by comparing the hash digest of a suspect application with those stored in the signature database. This enables quick and accurate detection of known locker ransomware. The second tier implements prediction and comprises a Machine Learning (ML) model trained using the dynamic behavioural data contained in the dataset. This data consisted of 275 APIs called and 21,780 registry keys triggered. The data was then fed to the RF algorithm with 10-fold cross-validation. The resulting LRDPA model was evaluated using several metrics. To the best of our knowledge, its accuracy of 99.44% is higher than that of any existing single-ML-model-based study. In future, the performance of LRDPA can be improved by expanding the dataset and implementing additional feature selection. | en_US
dc.description.sponsorship | Dr. Sana Qadir | en_US
dc.language.iso | en | en_US
dc.publisher | School of Electrical Engineering and Computer Sciences (SEECS) NUST | en_US
dc.subject | malware, ransomware, locker, api calls, registry keys | en_US
dc.title | Detection and Prediction of Locker Ransomware | en_US
dc.type | Thesis | en_US