Electronic Theses and Dissertations

Date

2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Computer Science

Committee Chair

Dipankar Dasgupta

Committee Member

Vasile Rus

Committee Member

Kan Yang

Committee Member

Myounggyu Won

Abstract

Malware analysis and detection is a critical capability that every business and organization needs in order to defend itself against a growing number of cyber threats. For example, ransomware, an advanced form of malware, holds users' data hostage and demands a ransom, usually paid in crypto-currencies so that the attacker remains anonymous. Significant efforts have been undertaken to combat these attacks, but the threat actors are dynamic, and intelligent approaches to defeat them are lacking. Thus, my study is focused on designing a defensive solution against this advanced malware, i.e., ransomware. Many tools and techniques exist that claim to detect and respond to malware. However, such methods rely primarily on static features, rigid signatures, and non-machine-learning approaches. Recent tools advertise the use of machine learning techniques, but they often lack an explainable component, often miss zero-day malware, and have high false-positive rates. A smart artificial intelligence (AI) technique with deep analysis and careful feature analysis and selection could provide a heightened level of security. This study uses an AI-powered hybrid approach to detect ransomware. Specifically, I proposed a deep inspection approach for multi-level profiling of crypto-ransomware, which captures the distinct features at the DLL (Dynamic Link Library), function call, and assembly levels. I showed how the code segments are correlated across these levels for the studied samples. My hybrid multi-level analysis approach includes advanced static and dynamic methods and a novel strategy of analyzing behavioral chains with AI techniques. Moreover, association rule mining, natural language processing techniques, and machine learning classifiers are integrated to build a ransomware validation and detection model.
Experiments with samples from VirusTotal showed that multi-level profiling can better distinguish ransomware samples from other malware families and benign applications, with higher accuracy and a low false-positive rate. The multi-level feature sequence can be extracted from most applications running on different operating systems; therefore, I believe that my method can detect ransomware and other malware families on devices across multiple platforms.

Comments

Data is provided by the student.

Library Comment

Dissertation or thesis originally submitted to ProQuest