ORCID

0009-0002-3731-4575

Date of Award

2025

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Safwan Wshah

Abstract

Ransomware has become one of the most dangerous and pervasive threats faced by organizations today. This type of malware inflicts devastating impacts on individuals, corporations, and governments alike. Among the various types of ransomware, this master thesis research focuses specifically on crypto-ransomware. These attacks employ cryptographic techniques to encrypt users’ data and files, denying access until a ransom is paid. Upon payment, victims are typically provided with a decryption key to restore their files. Crypto-ransomware has evolved significantly in both volume and sophistication, increasingly bypassing modern cyber defenses and challenging the effectiveness of inci dent response strategies. While numerous approaches have been tested to mitigate its impact, the continuous emergence of new ransomware families necessitates innovative solutions. Deep learning techniques that leverage behavioral patterns common to ransomware families present a promising direction for classification approaches. Recent research has explored the use of deep learning for both detection and classification tasks. However, most existing methods rely on context-based features for detection and seldom incorporate behavior-based features that capture the temporal dynamics of ransomware attacksâfeatures that are essential for effective classification and profiling. Focusing on ransomware family classification through these behavior-based features is critical for achieving a deeper understanding of ransomware behavior, providing a valuable foundation for forensic profiling, attribution, and more effective incident response and recovery workflows. This master’s thesis aims to achieve three primary objectives. First, we characterize the key features defining the behavior of 10 crypto-ransomware families. Second, Generate and prepare a comprehensive dataset of ransomware file induced operations. Third, we developed a deep learning architecture capable of classifying these attacks into their respective families with an overall precision score and F-measure of 98.5%

Language

en

Number of Pages

129 p.

Available for download on Saturday, August 01, 2026

Share

COinS