Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title AI-powered Ransomware to Optimize its Impact on IoT Spectrum Sensors
Organization Unit
Authors
  • Janik Lüchinger
Supervisors
  • Alberto Huertas Celdran
  • Jan Von der Assen
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2023
Abstract Text This work aims to investigate the feasibility of exploiting reinforcement learning (RL) to improve the impact of ransomware on a target device while evading dynamic detection methods such as behavioral fingerprinting-based anomaly detection (AD). Given the constantly growing number of connected resource-constrained devices, such as Internet of Things (IoT) devices, and the significant rise in ransomware attacks over the past years, the importance of investigating ransomware attacks and corresponding defense approaches is evident. So far, most related research has been confined to exploring unethical artificial intelligence (AI) systems instead of analyzing the possibilities of using AI for launching optimized malware attacks. This work covers the mentioned limitations and introduces Ransomware Optimized with AI for Resource-constrained devices (ROAR), an RL framework to hide ransomware from dynamic detection mechanisms and optimize its impact on the target device. ROAR has been deployed in a real-world IoT crowdsensing scenario, including a Raspberry Pi 4 as a spectrum sensor. The Raspberry Pi was infected with ROAR, and behavioral data were collected from the target device to facilitate environment simulation. The results obtained by executing prototypes of the RL agent have been aggregated, and the corresponding plots are discussed and compared. These findings suggest that no relation exists between individual actions within an episode and that discounting future rewards does not improve performance in this particular RL problem. Overall, this work demonstrates the feasibility of optimizing ransomware attacks with RL and the effectiveness of the resulting evasion capabilities. The findings derived from the collected results hold in a simulated environment and when the agent is deployed in a real scenario. To our knowledge, this work is the first to investigate the possibilities of supporting malware attacks with RL during the attack phase. 
Further studies are needed to investigate additional optimizations of the RL model, efficiency improvements to the underlying ransomware implementation, and the feasibility of attacking more powerful devices.