ORCID
0009-0002-3731-4575
Date of Award
2025
Document Type
Thesis
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Safwan Wshah
Abstract
Ransomware has become one of the most dangerous and pervasive threats faced by organizations today. This type of malware inflicts devastating impacts on individuals, corporations, and governments alike. Among the various types of ransomware, this master’s thesis research focuses specifically on crypto-ransomware. These attacks employ cryptographic techniques to encrypt users’ data and files, denying access until a ransom is paid. Upon payment, victims are typically provided with a decryption key to restore their files. Crypto-ransomware has evolved significantly in both volume and sophistication, increasingly bypassing modern cyber defenses and challenging the effectiveness of incident response strategies. While numerous approaches have been tested to mitigate its impact, the continuous emergence of new ransomware families necessitates innovative solutions. Deep learning techniques that leverage behavioral patterns common to ransomware families present a promising direction for classification approaches. Recent research has explored the use of deep learning for both detection and classification tasks. However, most existing methods rely on context-based features for detection and seldom incorporate behavior-based features that capture the temporal dynamics of ransomware attacks, features that are essential for effective classification and profiling. Focusing on ransomware family classification through these behavior-based features is critical for achieving a deeper understanding of ransomware behavior, providing a valuable foundation for forensic profiling, attribution, and more effective incident response and recovery workflows. This master’s thesis aims to achieve three primary objectives. First, we characterize the key features defining the behavior of 10 crypto-ransomware families. Second, we generate and prepare a comprehensive dataset of ransomware-induced file operations. Third, we develop a deep learning architecture capable of classifying these attacks into their respective families with an overall precision score and F-measure of 98.5%.
Language
en
Number of Pages
129 p.
Recommended Citation
Awajan, Omar Arafat, "Ransomware Classification using Windows ETW and Deep Learning" (2025). Graduate College Dissertations and Theses. 2099.
https://scholarworks.uvm.edu/graddis/2099