DiVA

diva-portal.org

Digitala Vetenskapliga Arkivet

EnglishSvenskaNorsk
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Local And Network Ransomware Detection Comparison
Blekinge Tekniska Högskola, Fakulteten för datavetenskaper, Institutionen för datavetenskap.
2019 (Engelska)Självständigt arbete på grundnivå (kandidatexamen), 10 poäng / 15 hpStudentuppsats (Examensarbete)
Abstract [en]

Background. Ransomware is a malicious application encrypting important files on a victim's computer. The ransomware will ask the victim for a ransom to be paid through cryptocurrency. After the system is encrypted there is virtually no way to decrypt the files other than using the encryption key that is bought from the attacker.

Objectives. In this practical experiment, we will examine how machine learning can be used to detect ransomware on a local and network level. The results will be compared to see which one has a better performance.

Methods. Data is collected through malware and goodware databases and then analyzed in a virtual environment to extract system information and network logs. Different machine learning classifiers will be built from the extracted features in order to detect the ransomware. The classifiers will go through a performance evaluation and be compared with each other to find which one has the best performance.

Results. According to the tests, local detection was both more accurate and stable than network detection. The local classifiers had an average accuracy of 96% while the best network classifier had an average accuracy of 89.6%.

Conclusions. In this case the results show that local detection has better performance than network detection. However, this can be because the network features were not specific enough for a network classifier. The network performance could have been better if the ransomware samples consisted of fewer families so better features could have been selected.
Ort, förlag, år, upplaga, sidor
2019. , s. 26
Nyckelord [en]
Ransomware, Detection, Machine Learning
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
URN: urn:nbn:se:bth-18291OAI: oai:DiVA.org:bth-18291DiVA, id: diva2:1333153
Ämne / kurs
DV1478 Kandidatarbete i datavetenskap
Utbildningsprogram
DVGIS IT-säkerhet
Handledare
Examinatorer
Tillgänglig från: 2019-07-26 Skapad: 2019-06-30 Senast uppdaterad: 2019-07-26Bibliografiskt granskad

Open Access i DiVA

BTH2019Ahlgren(339 kB)1894 nedladdningar
Filinformation
Filnamn FULLTEXT02.pdfFilstorlek 339 kBChecksumma SHA-512
2078ab6b640c832ebd1c720e218da35efd2c69423b487b86e8fc82df444a9033725834d9505df365aabcceb3e6628ef18f31d83b4f9756309ed1e04d552528d6
Typ fulltextMimetyp application/pdf

Av organisationen
Institutionen för datavetenskap
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 1896 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

urn-nbn

Altmetricpoäng

urn-nbn
Totalt: 1991 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Om DiVA portal
|
Om DiVA-konsortiet