Title page for etd-0729117-230140



URN etd-0729117-230140
Author Pan-Jo Chuang
Author's Email Address Not public.
Statistics This thesis has been viewed 5351 times and downloaded 0 times.
Department Information Management
Year 2017
Semester 1
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Ransomware Detection by Monitoring I/O Requests
Date of Defense 2017-07-25
Page Count 85
Keyword
  • Malware
  • Dynamic Detection
  • Ransomware
Abstract In recent years, the major security companies have all listed ransomware as a major component of their annual threat analysis reports. Large-scale malware distribution networks, such as botnets and exploit kits, use ransomware as their final attack payload. According to conservative FBI estimates, ransomware caused more than one billion dollars in damage around the world in the first half of 2016. Ransomware is clearly a serious threat to information security. Given how quickly ransomware evolves and how steadily new variants appear, developing an effective defense system against it is imperative.
    Traditional anti-virus software misses many ransomware threats: static analysis and virus signatures cannot keep up with the endless stream of ransomware variants. Some academic papers have proposed detection systems to address this, but their methods include no reasonable mechanism for reducing the rate at which benign software is falsely detected as malware, so they cannot serve as practical systems. This study therefore defines its hypotheses and implements an effective ransomware detection system that reduces the false detection rate for benign software while retaining future applicability.
    This study uses the Minifilter architecture to monitor system IRPs (I/O request packets) in order to detect ransomware. In addition to collecting IRP logs to analyze the threshold, the system incorporates a decoy folder to increase its detection capability. Moreover, it compares each file's type and entropy before and after the file is changed to reduce the rate at which benign software is falsely detected as malware.
Advisory Committee
  • D. J. Guan - chair
  • Chun-I Fan - co-chair
  • Gu-Hsin Lai - co-chair
  • Bo-Chao Cheng - co-chair
  • Chia-Mei Chen - advisor
Files
  • etd-0729117-230140.pdf
  • Indicate in-campus at 99 year and off-campus access at 99 year.
Date of Submission 2017-09-20
