Detecting Ransomware Through Power Analysis

Abstract

Cyber criminals are increasingly using malicious programs to take control of and exploit individuals', businesses', and governments' data. A large portion of malware is a type called ransomware, which finds a way to restrict the infected user's access to data until a payment is obtained. Current detection solutions include programs that analyze file system changes and registry events, employ honeypot techniques, and identify anomalies in network patterns. This research presents an algorithm developed to detect ransomware by analyzing a computer's power consumption. Specifically, the algorithm identifies features of the computer's power consumption that are indicative of encryption operations. We can identify encryption of files with sizes of 500 MB and greater with a high degree of success. By applying our encryption detection algorithm to cryptographic ransomware, we are able to successfully identify the execution of WannaCry ransomware samples.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2018
Accession Number: AD1060003

Entities

People

  • Jacob D Melton

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Accuracy
  • Algorithms
  • Central Processing Units
  • Computers
  • Cryptography
  • Cyberattacks
  • Cybersecurity
  • Detection
  • Electrical Engineering
  • Energy Consumption
  • Feature Extraction
  • Field Programmable Gate Arrays
  • Information Systems
  • Internet
  • Machine Learning
  • Malware
  • Operating Systems
  • Signal Processing
  • Supervised Machine Learning
  • United States Naval Academy

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Oncology and Biomarker-Based Cancer Detection.
  • Sensor Fusion and Tracking Systems.

Technology Areas

  • Cyber