Etd

Detecting Evasive Multiprocess Ransomware

Recent work described techniques that could be used by ransomware to evade behavioral ransomware detectors by using multiple benign-looking processes to cooperatively encrypt files. We designed and evaluated two classifiers that each detect the presence of ransomware that uses those techniques with greater than 99 percent recall and with 100 percent precision. One of the classifiers can also determine which processes are part of the ransomware with greater than 95 percent recall but with a significant trade-off between precision and speed, achieving 92.4 percent precision after hundreds of files are encrypted. We prepared for a user study to collect a new dataset, developing the necessary client and server software.

Identifier
  • etd-20521
Year
  • 2021
Date created
  • 2021-04-29

Permanent link to this page: https://digital.wpi.edu/show/76537413p