Skip to content

AhsanAyub/irp-driven-ransomware-analysis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits

dataset

dataset

 
 

machine_learning

machine_learning

 
 

sequence_mining_analysis

sequence_mining_analysis

 
 

time_series_analysis

time_series_analysis

 
 

README.md

README.md

 
 

attribute_container.py

attribute_container.py

 
 

helper.py

helper.py

 
 

Repository files navigation

I/O Request Packet Driven Ransomware Analysis

This purpose of this project is to perform an exahaustive ransomware analysis through I/O Request Packet (IRP), low-level file system I/O logs. We aim to achieve the followings goals:

  • Time Series Analysis: Detection of the ransomware process early enough to claim real-time detection;
  • Heuristic Approach / Fuzzy Technique: Derive threshold value(s) of features space over time for the ransomware IRP logs compared with benign logs;
  • Sequence Mining / Pattern Mining: Devise an automated sequence from different ransomware samples that would aid early detection provided a sequence is matched for a given process; and
  • Machine Learning (Multiclass Classification): Detection of the ransomware families from the ransomware IRP logs.

Acknowledgement

We would like to thank Andrea Continella, Ph.D. to provide us with the datasets that we have used on this project. The research paper can be found here: SheildFS 2016.

About

This repo is created to perform I/O Request Packet (IRP) driven ransomware analysis where the IRP logs were collected during ransomware execution.

Topics

data-science machine-learning ransomware time-series-analysis classification-algorithims ransomware-detection ransomware-mitigation pattern-mining sequence-mining

Resources

Readme
Activity

Stars

11 stars

Watchers

3 watching

Forks

0 forks
Report repository

Languages