DETECTING RANSOMWARE THROUGH POWER ANALYSIS

Author
Melton, Jacob D.
Date
2018-06
Advisor
Cristi, Roberto
Roth, John D.
Abstract
Cyber criminals are increasingly using malicious programs to take control of and exploit individuals’, businesses’, and governments’ data. A large portion of malware is a type called ransomware, which finds a way to restrict the infected user’s access to data until a payment is obtained. Current detection solutions include programs that analyze file system changes and registry events, employ honeypot techniques, and identify anomalies in network patterns. This research presents an algorithm developed to detect ransomware by analyzing a computer’s power consumption. Specifically, the algorithm identifies features of the computer’s power consumption that are indicative of encryption operations. We can identify encryption of files with sizes of 500 MB and greater with a high degree of success. By applying our encryption detection algorithm to cryptographic ransomware, we are able to successfully identify the execution of WannaCry ransomware samples.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.