dc.contributor.author |
Al Sabeh Ali Mazhar |
dc.date.accessioned |
2021-09-23T08:57:08Z |
dc.date.available |
2021-09-23T08:57:08Z |
dc.date.issued |
2019 |
dc.date.submitted |
2019 |
dc.identifier.other |
b25897895 |
dc.identifier.uri |
http://hdl.handle.net/10938/23135 |
dc.description |
Thesis. M.S. American University of Beirut. Department of Computer Science 2019. T:7156. |
dc.description |
Advisor : Dr. Haidar Safa; Professor, Computer Science ; Co-Advisor : Dr. Elias Bou-Harb, Associate Professor, Computer Science – Florida Atlantic University ; Members of Committee : Dr. Mohamad El Baker Nassar; Assistant Professor, Computer Science ; Dr. Wassim El Hajj; Associate Professor, Computer Science. |
dc.description |
Includes bibliographical references (leaves 88-93) |
dc.description.abstract |
Ransomware attacks cost businesses more than $75 billion-year, and it is predicted to cost $6 trillion-year by 2021. These numbers demonstrate the havoc produced by ransomware on a large number of sectors and urge security researches to tackle it. Several ransomware detection approaches have been proposed in the literature that interchange between static and dynamic analysis. Recently, ransomware attacks were shown to fingerprint the execution environment before they attack the system to counter dynamic analysis. In this thesis, we exploit the behavior of contemporary ransomware to prevent its attack on real systems and thus avoid the loss of any data. We explore a set of ransomware-generated artifacts that are launched to sniff the surrounding. Furthermore, we design, develop, and evaluate an approach that monitors the behavior of a program by intercepting the called Windows APIs. Consequently, we determine in real-time if the program is trying to inspect its surrounding before the attack, and abort it immediately prior to the initiation of any malicious encryption or locking. Through empirical evaluations using real and recent ransomware samples, we study how ransomware and benign programs inspect the environment. Additionally, we demonstrate how to prevent ransomware with a low false positive rate. We make the developed approach available to the research community at large through GitHub to strongly promote cyber security defense operations and for wide-scale evaluations and enhancements. |
dc.format.extent |
1 online resource (xiii, 93 leaves) : illustrations |
dc.language.iso |
en |
dc.subject.classification |
T:007156 |
dc.subject.lcsh |
Data protection. |
dc.subject.lcsh |
Computer security. |
dc.subject.lcsh |
Data encryption (Computer science) |
dc.title |
Exploiting ransomware paranoia for execution prevention |
dc.type |
Thesis |
dc.contributor.department |
Department of Computer Science |
dc.contributor.faculty |
Faculty of Arts and Sciences. |
dc.contributor.institution |
American University of Beirut. |