Simon Davies S.Davies@napier.ac.uk
Visiting Fellow
Ransomware poses a severe and evolving threat to cyber security, demanding continuous advancements in analysis and detection techniques. This thesis successfully tackles several critical research gaps in this domain, offering essential resources and findings for researchers aiming to enhance the effectiveness and resilience of ransomware mitigation strategies. Acknowledging the severity of the crypto-ransomware threat, an in-depth review of the current literature highlighted deficiencies in various methodologies, scarcity of up-to-date data sets, and limitations in existing detection systems, prompting the need for innovative solutions. The overarching aims of this thesis included evaluating existing tools, establishing experimental frameworks, exploring new ransomware detection techniques, and developing a novel accurate ransomware detection system.
The research yielded valuable insights and resources, such as the creation of the NapierOne data set, an asset which has already become a valuable addition to the tools used within the research community. The robust investigation conducted into the various techniques used in the calculation of entropy sheds light on calculation complexities, particularly when applied to ransomware detection. The novel approach applied to the analysis of generated file headers and the development of the unique Bit-Byte area classification method for file header analysis proved to be both accurate and efficient at detecting ransomware. The new effective technique of synthesising live forensic analysis together with malware analysis underscored the feasibility of recovering encryption keys from volatile memory. The practical implementation of these live forensic techniques showcases their adaptability and effectiveness, contributing to both the detection and recovery processes. The results and findings from the preceding research were then combined in the development of the groundbreaking Majority Voting Ransomware Detection System. This system's unique ability to aggregate results from multiple tests, including the Bit-Byte calculation and the forensic key recovery techniques, led to an accuracy rate of 99.89%, a major breakthrough in ransomware detection. The system's reliance on discrete calculations adds transparency and robustness, differentiating it from conventional machine learning models.
This thesis delivers pioneering advancements in the realm of crypto-ransomware analysis, introducing novel insights like the Bit-Byte classification and the NapierOne data set resource amongst others. These contributions aim to provide the foundation for further research, providing valuable resources to support other researchers in developing robust techniques that effectively tackle the challenges inherent in combating crypto-ransomware.
Davies, S. Contributions to Crypto-Ransomware Analysis and Detection. (Thesis). Edinburgh Napier University. http://researchrepository.napier.ac.uk/Output/3790160
| Field | Value |
|---|---|
| Thesis Type | Thesis |
| Deposit Date | Aug 22, 2024 |
| Publicly Available Date | Jan 6, 2025 |
| DOI | https://doi.org/10.17869/enu.2024.3790160 |
| Public URL | http://researchrepository.napier.ac.uk/Output/3790160 |
| Award Date | Oct 31, 2024 |
Contributions to Crypto-Ransomware Analysis and Detection (PDF, 4.6 Mb)
Comparison Of Common Mathematical Techniques Used In The Calculation Of File Entropy
(2022)
Presentation / Conference Contribution
Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification
(2022)
Journal Article
Review of Current Ransomware Detection Techniques
(2022)
Presentation / Conference Contribution
Exploring the Need For an Updated Mixed File Research Data Set
(2022)
Presentation / Conference Contribution