Executive Summary: Ransomware attacks have evolved into a serious cyber threat for ordinary online users, industries, and governments. On average, these attacks affect online users, governments, and global organizations at a 350 percent annual growth rate. These factors clearly indicate the need for a robust protection system against this critical malware.
Most ransomware protection systems today are based on passive, signature-based analysis. The signatures are commonly generated offline from code patterns present in known ransomware and stored in a signature repository. A malicious executable is identified as ransomware only when it explicitly matches a signature in the repository. These techniques fail badly against ransomware that arrives as a new variant, uses code obfuscation, or is designed for a targeted attack. These shortcomings of signature-based systems can be addressed by a protection system that deploys effective behavior-based analysis.
The proposed system uses a behavior-based paradigm to detect active ransomware. The system monitors the behavior of active programs towards user files, retention state, lateral movement, and system resources. This behavior information is automatically analyzed to detect the presence of ransomware. To facilitate behavior-based ransomware detection, this project also involves developing a unique testbed to effectively monitor the behavior of ransomware families.
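
As an added illustration (not code from the project described here), the sketch below shows one behavior-based check of the kind the summary describes, narrowed to program behavior towards user files: it flags a process that overwrites several distinct user files with high-entropy data in a short window, without consulting any signature. The event tuple format, the thresholds, the `/home/` prefix and all sample events are assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5   # assumed threshold, bits per byte
WINDOW_S = 10       # assumed sliding window, seconds
MIN_FILES = 3       # assumed number of distinct user files per window

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (encrypted data approaches 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_pids(events, user_dir="/home/"):
    """Return pids that overwrite MIN_FILES or more distinct user files
    with high-entropy data inside any WINDOW_S-second window."""
    hits = defaultdict(list)  # pid -> [(timestamp, path)]
    for ts, pid, op, path, payload in events:
        if (op == "write" and path.startswith(user_dir)
                and entropy(payload) >= ENTROPY_MIN):
            hits[pid].append((ts, path))
    flagged = set()
    for pid, writes in hits.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            files = {p for t, p in writes[i:] if t - start <= WINDOW_S}
            if len(files) >= MIN_FILES:
                flagged.add(pid)
                break
    return flagged

# Constructed sample events: (timestamp_s, pid, operation, path, bytes written)
CIPHERLIKE = bytes(range(256)) * 4            # uniform bytes, entropy 8.0
PLAINTEXT = b"Quarterly report draft. " * 40  # ordinary text, low entropy
EVENTS = [
    (0, 410, "write", "/home/alice/notes.txt", PLAINTEXT),
    (1, 977, "write", "/home/alice/budget.xlsx", CIPHERLIKE),
    (2, 977, "write", "/home/alice/thesis.docx", CIPHERLIKE),
    (3, 977, "write", "/home/alice/photo.jpg", CIPHERLIKE),
    (4, 410, "write", "/home/alice/notes.txt", PLAINTEXT),
    # A single compressed archive is also high entropy; one file is not enough.
    (5, 512, "write", "/home/alice/backup.zip", CIPHERLIKE),
    (60, 512, "write", "/home/alice/backup2.zip", CIPHERLIKE),
]

if __name__ == "__main__":
    print(suspicious_pids(EVENTS))
```

Requiring several distinct files inside the window is what keeps a backup or compression tool that writes one high-entropy archive from being flagged.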