Contributions to Crypto-Ransomware Analysis and Detection

Davies, Simon

Abstract

Ransomware poses a severe and evolving threat to cyber security, demanding continuous advancements in analysis and detection techniques. This thesis successfully tackles several critical research gaps in this domain, offering essential resources and findings for researchers aiming to enhance the effectiveness and resilience of ransomware mitigation strategies. Acknowledging the severity of the crypto-ransomware threat, an in-depth review of the current literature highlighted deficiencies in various methodologies, scarcity of up-to-date data sets, and limitations in existing detection systems, prompting the need for innovative solutions. The overarching aims of this thesis included evaluating existing tools, establishing experimental frameworks, exploring new ransomware detection techniques, and developing a novel accurate ransomware detection system.
The research yielded valuable insights and resources, such as the creation of the NapierOne data set, an asset which has already become a valuable addition to the tools used within the research community. The robust investigation conducted into the various techniques used in the calculation of entropy sheds light on calculation complexities, particularly when applied to ransomware detection. The novel approach applied to the analysis of generated file headers and the development of the unique Bit-Byte area classification method for file header analysis proved to be both accurate and efficient at detecting ransomware. The new effective technique of synthesising live forensic analysis together with malware analysis underscored the feasibility of recovering encryption keys from volatile memory. The practical implementation of these live forensic techniques showcases their adaptability and effectiveness, contributing to both the detection and recovery processes. The results and findings from the preceding research were then combined in the development of the groundbreaking Majority Voting Ransomware Detection System. This system's unique ability to aggregate results from multiple tests, including the Bit-Byte calculation and the forensic key recovery techniques, led to an accuracy rate of 99.89%, a major breakthrough in ransomware detection. The system's reliance on discrete calculations adds transparency and robustness, differentiating it from conventional machine learning models.
This thesis delivers pioneering advancements in the realm of crypto-ransomware analysis, introducing novel insights such as the Bit-Byte classification and the NapierOne data set resource, amongst others. These contributions aim to provide the foundation for further research, providing valuable resources to support other researchers in developing robust techniques that effectively tackle the challenges inherent in combating crypto-ransomware.

Citation

Davies, S. Contributions to Crypto-Ransomware Analysis and Detection. (Thesis). Edinburgh Napier University. http://researchrepository.napier.ac.uk/Output/3790160

Thesis Type Thesis
Deposit Date Aug 22, 2024
Publicly Available Date Jan 6, 2025
DOI https://doi.org/10.17869/enu.2024.3790160
Public URL http://researchrepository.napier.ac.uk/Output/3790160
Award Date Oct 31, 2024
