DETECTING RANSOMWARE THROUGH POWER ANALYSIS
Melton, Jacob D.
Roth, John D.
MetadataShow full item record
Cyber criminals are increasingly using malicious programs to take control of and exploit individuals’, businesses’, and governments’ data. A large portion of malware is a type called ransomware, which finds a way to restrict the infected user’s access to data until a payment is obtained. Current detection solutions include programs that analyze file system changes and registry events, employ honeypot techniques, and identify anomalies in network patterns. This research presents an algorithm developed to detect ransomware by analyzing a computer’s power consumption. Specifically, the algorithm identifies features of the computer’s power consumption that are indicative of encryption operations. We can successfully identify encryption of files with sizes of 500MB and greater with a high degree of success. By applying our encryption detection algorithm to the Cryptographic Ransomware, we are able to successfully identify the execution of WannaCry Ransomware samples.
Approved for public release. distribution is unlimited
Showing items related by title, author, creator and subject.
Rhoden, Christopher A. (Monterey, California. Naval Postgraduate School, 1994-06);The Simplex algorithm, developed by George B. Dantzig in 1947 represents a quantum leap in the ability of applied scientists to solve complicated linear optimization problems. Subsequently, its utility in solving finite ...
Huang, Jo-Wen (Monterey, California: Naval Postgraduate School, 2017-06);With the development and advancement in the technology of control and multi-robot systems, robot agents are likely to take over mine countermeasure (MCM) missions one day. The path planning coverage algorithm is an essential ...
Tan, Ko-Cheng (Monterey, California. Naval Postgraduate School, 1996-06);Motion planning and control of a Nomad 200 mobile robot are studied in this thesis. The objective is to develop a motion planning and control algorithm that is able to move the robot from an initial configuration (position ...