PhD Dissertation Defense: Techniques and Solutions for Addressing Ransomware Attacks
Speaker: Amin Kharraz, Northeastern University, College of Computer and Information Science PhD Candidate
Location: Northeastern University, 805 Columbus Avenue, 632 Interdisciplinary Science and Engineering Complex (ISEC), Boston, Massachusetts 02120
Ransomware is a form of extortion-based attack that locks the victim’s digital resources and requests money to release them. Although the concept of ransomware is not new (such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-profile ransomware attacks were reported. Very recently, WannaCry ransomware infected thousands of vulnerable machines around the world and substantially disrupted critical services such as the British healthcare system. Given the size and variety of threats we are facing today, having solutions to effectively detect and analyze unknown ransomware attacks seems necessary.
In this thesis, we argue that it is possible to develop novel defense mechanisms and protect user data from a large number of cryptographic ransomware attacks. To support this claim, in the first part of the thesis, we perform an evolutionary-based analysis to understand the destructive behavior of ransomware attacks. We show that by monitoring the interaction of malicious processes with the operating system, it is possible to design practical defense mechanisms that could stop even very successful cryptographic ransomware attacks.
In the second part, we propose a novel dynamic analysis system, called Unveil, that is designed to analyze ransomware attacks and model their interactions. In the third and last part, we propose an end-point framework, called Redemption, to protect user data from ransomware attacks. We present an operating system-independent design and also provide implementation details which show that such lightweight solutions could be integrated into existing operating systems while achieving zero data loss in a large number of successful ransomware attacks.
About the Speaker
Amin is a PhD student in the Information Assurance program at Northeastern University, advised by Professors Engin Kirda and William Robertson. His research interest lies in the area of systems security with a focus on malware detection and web.
Manuel Egele (Boston University)
Wednesday, December 6, 2017 at 2:00pm