RanDeter : using novel statistical and physical controls to deter ransomware attacks : a thesis presented in partial fulfillment of the requirements for the degree of Master of Information Sciences in Software Engineering at Massey University, Auckland, New Zealand

dc.contributor.author: McIntosh, Timothy Raymond
dc.date.accessioned: 2019-02-04T21:57:12Z
dc.date.available: 2019-02-04T21:57:12Z
dc.date.issued: 2018
dc.description.abstract: Crypto-ransomware is a type of extortion-based malware that encrypts victims' personal files with strong encryption algorithms and blackmails victims into paying a ransom to recover their files. The recurrent episodes of high-profile ransomware attacks like WannaCry and Petya, particularly on healthcare, government agencies and big corporates, have highlighted the immediate demand for effective defense mechanisms. In this paper, RANDETER is introduced as a novel anti-crypto-ransomware solution that deters ransomware activities, using novel statistical and physical controls inspired by police anti-terrorism practice. Police try to maintain public safety by maintaining a constant presence to patrol key public areas, identifying suspects who exhibit out-of-the-ordinary characteristics, and restricting access to protected areas. Ransomware are in many ways like terrorists: their attacks are unexpected, malicious and aim for the largest number of victims. It is possible to try to detect and deter crypto-ransomware by maintaining constant surveillance on the potential victims, namely the MBR and user files, especially documents and photos. RANDETER is implemented as two compatible and complementary modules: PARTITION GUARD and FILE PATROL. PARTITION GUARD blocks modifications to the MBR area of the boot disk. FILE PATROL checks all file activities in directories protected by RANDETER against a list of Recognized Processes with Multi-Tier Security Rules. Upon detection of a violation of such rules, which FILE PATROL judges may have been initiated by crypto-ransomware, FILE PATROL freezes access to the monitored directories, terminates the offending processes, and then resumes access to those directories.
Our evaluation demonstrated that RANDETER could ensure less, and often no, irrecoverable file damage by current ransomware families, while imposing lower disk performance overhead, compared to existing competitor anti-ransomware implementations like CRYPTOLOCK, SHIELDFS and REDEMPTION. In addition, RANDETER was shown to be resilient against masquerading attacks and ransomware polymorphism.
dc.identifier.uri: http://hdl.handle.net/10179/14236
dc.language.iso: en
dc.publisher: Massey University
dc.rights: The Author
dc.subject: Computer security
dc.subject: Data protection
dc.subject: Computer crimes -- Prevention
dc.subject: Cyberterrorism -- Prevention
dc.subject: Malware (Computer software)
dc.title: RanDeter : using novel statistical and physical controls to deter ransomware attacks : a thesis presented in partial fulfillment of the requirements for the degree of Master of Information Sciences in Software Engineering at Massey University, Auckland, New Zealand
dc.type: Thesis
massey.contributor.author: McIntosh, Timothy Raymond
thesis.degree.discipline: Software Engineering
thesis.degree.level: Masters
thesis.degree.name: Master of Information Sciences (MInfSc)
Files
Original bundle
Name: McIntoshMInfScThesis.pdf
Size: 3.06 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 3.32 KB
Format: Item-specific license agreed upon to submission