Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title Detection and Classification of Malware using File System Dimensions for MTD on IoT
Organization Unit
Authors
  • Robert Oles
Supervisors
  • Alberto Huertas Celdran
  • Jan Von der Assen
  • Chao Feng
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2023
Abstract Text The aim of this thesis is the design and implementation of a system that dynamically detects ransomware based on file system activity. The implementation of a custom overlay file system makes it possible to log the file system activity of all processes in the form of a comma-separated values (CSV) file. Features such as the entropy of write operations, the number of read operations and the number of write operations are used to train the classification models. The overlay file system also serves to mitigate the attack: as soon as the model detects malicious activity, the overlay file system initiates a moving target defense (MTD) strategy, which changes the name of a file after the file has been read by any process. This makes any further changes to the file impossible, which prevents the ransomware from encrypting further user data. Additionally, the collected raw features are analyzed with respect to the entropy of write operations as well as the number of reads and writes of different workloads, and the file system operations of malicious and benign workloads are compared. The detection system has been deployed to a Raspberry Pi machine and has shown high performance in terms of both speed and accuracy of detection. Finally, the performance overhead of the detection system has been analyzed: with the detection system running, the speed of write operations decreased two-fold in comparison to the machine running without the detection system.
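The feature extraction the abstract describes, as an added illustration that is not code from the thesis: per-process read count, write count and entropy of written data are computed from a CSV activity log, and a threshold rule stands in for the trained classifier. The CSV column layout, the sample log and the threshold are assumptions made here.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample log in an assumed CSV layout (columns are hypothetical):
# pid, process, op, path, payload (hex of the bytes written; empty for reads).
# "editor" writes plain text; "cryptor" writes high-entropy data after each read.
SAMPLE_LOG = """pid,process,op,path,payload
101,editor,read,/home/u/notes.txt,
101,editor,write,/home/u/notes.txt,4141414142424242
202,cryptor,read,/home/u/photo.jpg,
202,cryptor,write,/home/u/photo.jpg,8f3a1c7be2d94056
202,cryptor,read,/home/u/doc.pdf,
202,cryptor,write,/home/u/doc.pdf,01e2c3b4a5968778
"""

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a written buffer (maximum 8.0 for byte data)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def extract_features(csv_text: str) -> dict:
    """Per-process read count, write count and mean entropy of write payloads."""
    acc = defaultdict(lambda: {"reads": 0, "writes": 0, "ent": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        f = acc[row["process"]]
        if row["op"] == "read":
            f["reads"] += 1
        elif row["op"] == "write":
            f["writes"] += 1
            f["ent"].append(shannon_entropy(bytes.fromhex(row["payload"])))
    return {p: {"reads": f["reads"], "writes": f["writes"],
                "mean_write_entropy": sum(f["ent"]) / len(f["ent"]) if f["ent"] else 0.0}
            for p, f in acc.items()}

def flag_suspicious(features: dict, entropy_threshold: float = 2.5) -> list:
    """Threshold rule (assumed, tuned to the short sample payloads) in place of the model."""
    return sorted(p for p, f in features.items()
                  if f["writes"] > 0 and f["mean_write_entropy"] >= entropy_threshold)
```

On the sample, the editor's writes have an entropy of 1.0 bit per byte while the cryptor's reach the 3.0 maximum for eight distinct bytes, so only the cryptor is flagged.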