Towards Runtime Classification of Ransomware

dc.contributor.author: Balaji, Madhumitha
dc.contributor.advisor: Anys Bacha
dc.date.accessioned: 2021-05-04T15:45:02Z
dc.date.available: 2021-05-04T15:45:02Z
dc.date.issued: 2021-05-01
dc.identifier.uri: https://hdl.handle.net/2027.42/167353
dc.description.abstract: The availability of computer systems is constantly being challenged by cybercriminals who seek to disrupt access to this indispensable technology and the data they contain as a means for making profit. This trend has given rise to a new form of malware that is known as ransomware, an invasive type of malware that is designed to appropriate compute resources in return for a ransom. According to the U.S. Department of Homeland Security, ransomware represents the fastest growing malware threat to individuals and organizations. With the cost of ransomware attacks projected to exceed $20 billion in the year 2021, it is imperative to explore solutions that can defend against such malware. In this study, we evaluate the effectiveness of machine learning algorithms and their suitability for detecting ransomware on x86 platforms. We show that dynamically extracting instruction opcodes from execution traces can be harnessed for training machine learning models that can be used to perform runtime detection of ransomware. We evaluate different machine learning models and demonstrate that tracking a limited number of instruction opcodes commonly used cryptographic are sufficient for reliably detecting ransomware with high accuracy. We show that our method can achieve high detection rates above 99% while evaluating our solution against real ransomware available in a state-of-the-art dataset from VirusTotal.
dc.language: English
dc.subject: Ransomware
dc.subject: Dynamic analysis
dc.subject: Instruction set architecture
dc.subject: Machine learning
dc.subject: Windows security
dc.title: Towards Runtime Classification of Ransomware
dc.type: Thesis
dc.description.thesisdegreename: Master of Science (MS) [en_US]
dc.description.thesisdegreediscipline: Computer and Information Science, College of Engineering & Computer Science
dc.description.thesisdegreegrantor: University of Michigan-Dearborn
dc.subject.hlbtoplevel: Computer Science
dc.description.bitstreamurl: http://deepblue.lib.umich.edu/bitstream/2027.42/167353/1/Madhumitha Balaji - Final Thesis.pdf [en]
dc.identifier.doi: https://dx.doi.org/10.7302/1028
dc.identifier.orcid: 0000-0003-0080-7982
dc.identifier.name-orcid: Balaji, Madhumitha; 0000-0003-0080-7982 [en_US]
dc.working.doi: 10.7302/1028 [en]
dc.owningcollname: Dissertations and Theses (Ph.D. and Master's)

