DETECTING RANSOMWARE THROUGH POWER ANALYSIS

Authors
Melton, Jacob D.
Subjects
solid-state drive
power analysis
ransomware
encryption
Advisors
Cristi, Roberto
Roth, John D.
Date of Issue
2018-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Cyber criminals are increasingly using malicious programs to take control of and exploit individuals’, businesses’, and governments’ data. A large portion of malware is a type called ransomware, which finds a way to restrict the infected user’s access to data until a payment is obtained. Current detection solutions include programs that analyze file system changes and registry events, employ honeypot techniques, and identify anomalies in network patterns. This research presents an algorithm developed to detect ransomware by analyzing a computer’s power consumption. Specifically, the algorithm identifies features of the computer’s power consumption that are indicative of encryption operations. We can successfully identify encryption of files with sizes of 500 MB and greater with a high degree of success. By applying our encryption detection algorithm to cryptographic ransomware, we are able to successfully identify the execution of WannaCry ransomware samples.
Type
Thesis
Department
Electrical and Computer Engineering (ECE)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.