Skip to main content

Research Repository

Advanced Search

Dr Peter McLaren's Outputs (5)

Detection of Ransomware (2024)
Patent
Buchanan, B., McLaren, P., Russell, G., & Tan, Z. (2024). Detection of Ransomware. US20240152616A1

The present invention relates to a computer program product, a computing device and a method of detecting a file encrypted by ransomware by identifying a file write operation for a file on the computing device and determining if a predetermined numbe... Read More about Detection of Ransomware.

Investigations into Decrypting Live Secure Traffic in Virtual Environments (2019)
Thesis
McLaren, P. W. L. Investigations into Decrypting Live Secure Traffic in Virtual Environments. (Thesis). Edinburgh Napier University. http://researchrepository.napier.ac.uk/Output/2386517

Malicious agents increasingly use encrypted tunnels to communicate with external servers. Communications may contain ransomware keys, stolen banking details, or other confidential information. Rapid discovery of communicated contents through decrypti... Read More about Investigations into Decrypting Live Secure Traffic in Virtual Environments.

Deriving ChaCha20 Key Streams From Targeted Memory Analysis (2019)
Journal Article
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, Article 102372. https://doi.org/10.1016/j.jisa.2019.102372

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memo... Read More about Deriving ChaCha20 Key Streams From Targeted Memory Analysis.

Decrypting Live SSH Traffic in Virtual Environments (2019)
Journal Article
Mclaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-... Read More about Decrypting Live SSH Traffic in Virtual Environments.

Mining malware command and control traces (2018)
Presentation / Conference Contribution
McLaren, P., Russell, G., & Buchanan, B. (2017, July). Mining malware command and control traces. Presented at 2017 Computing Conference

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection o... Read More about Mining malware command and control traces.