Thesis Details

Analýza síťové komunikace Ransomware

Master's Thesis
Student: Šrubař Michal
Academic Year: 2016/2017
Supervisor: Ryšavý Ondřej, doc. Ing., Ph.D.
English title
Ransomware Traffic Analysis
Language
Czech
Abstract

This work focuses on crypto-ransomware, a variant of malware, on an analysis of this malware's network communication, and on the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware's network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware's activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware is provided.

Keywords

Malware, Ransomware, Crypto-ransomware, Crypto-malware, HTTP POST Check-in, DNS, WannaCry, Malware lab, TOR.

Department
Degree Programme
Information Technology, Field of Study Information Technology Security
Files
Status
defended, grade A
Date
21 June 2017
Reviewer
Committee
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT), chair
Bartík Vladimír, Ing., Ph.D. (DIFS FIT BUT), member
Křivka Zbyněk, Ing., Ph.D. (DIFS FIT BUT), member
Švéda Miroslav, prof. Ing., CSc. (DIFS FIT BUT), member
Veselý Vladimír, Ing., Ph.D. (DIFS FIT BUT), member
Zeman Václav, doc. Ing., Ph.D. (UTKO FEEC BUT), member
Citation
ŠRUBAŘ, Michal. Analýza síťové komunikace Ransomware. Brno, 2017. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2017-06-21. Supervised by Ryšavý Ondřej. Available from: https://www.fit.vut.cz/study/thesis/20204/
BibTeX
@mastersthesis{FITMT20204,
    author = "Michal \v{S}ruba\v{r}",
    type = "Master's thesis",
    title = "Anal\'{y}za s\'{i}\v{t}ov\'{e} komunikace Ransomware",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2017,
    location = "Brno, CZ",
    language = "czech",
    url = "https://www.fit.vut.cz/study/thesis/20204/"
}