All ETDs from UAB

Advisory Committee Chair

Ragib Hasan

Advisory Committee Members

Allen Johnston

Yogesh Vohra

David Littlefield

Jeffrey Walker

Document Type

Dissertation

Date of Award

2019

Degree Name by School

Doctor of Philosophy (PhD) School of Engineering

Abstract

Over the past decade, malicious software (malware) attacks have skyrocketed, increasing at a considerably faster pace than predicted. The growing variety of malware categories is one of the factors contributing to this rapid surge. According to Microsoft statistics, a range of 300,000-400,000 malware binaries is observed on average per day. With this increase, there is an unmet need for innovative approaches to detect new malware, as current nomenclature is not equipped to keep up with this continuous growth. Developing appropriate preventive measures to stop these malware attacks has been an ongoing struggle for security experts. The most prevalent and consistent delivery method for malware attacks is the phishing email. Phishing emails are the most successful attacks because the target audience is humans rather than machines. Phishing emails are not restricted to stealing login credentials; they also spread worms, spyware, trojans, and ransomware. During the past few years, phishing emails spreading ransomware through embedded links or attachments have been at an all-time high. Ransomware is a form of malware that encrypts all data on end-users’ machines and demands some form of compensation in return for decrypting the files. This unexpected shift led the researcher to focus on the problem of phishing emails spreading ransomware and on creating a solution to combat both the emails and the ransomware. A mindfulness training video was created to educate end-users to protect themselves against any phishing attack. Along with the training, a machine learning algorithm was created to safeguard against ransomware attacks in real time using pre-defined patterns. During testing, it was evident that ransomware reuses source code and is used as a service, as similar patterns were observed in a large percentage of samples across several years.
To summarize, despite the training, if the user clicks the phishing email with the embedded ransomware link or attachment, our machine learning algorithm (RANtrace) will be able to match the encryption pattern and terminate the running process.

Included in

Engineering Commons
