Behaviour-based detection ofransomware attacks in the Cloud usingmachine learning

Popryho, Yaroslav, Popryho, Leonid

January 2023

Background: Ransomware attacks are a significant threat to digital informa-tion, and with the increasing adoption of cloud storage services, attackers now targetcloud environments. The existing literature on ransomware detection has primarilyfocused on local environments, and there is a limited body of research on applyingthese approaches to the cloud environment. Objectives: In this thesis, we aim to develop a behavior-based ransomware de-tection system for cloud environments, specifically focusing on Google Drive, usingmachine learning techniques. We will create a dedicated Google Workspace and uti-lize the Google Cloud Platform for developing the anomaly detection classifier. Methods: We will review related work in ransomware detection and machinelearning approaches to select suitable techniques for our research. Our anomaly de-tection classifier will analyze user activities in the cloud, such as file access patternsand permission changes, to detect deviations indicative of ransomware attacks. Results: We will validate our system’s performance by conducting experimentsin our Google Workspace, emulating ransomware attacks, and comparing the classi-fier’s performance against existing techniques. Conclusions: Our thesis aims to contribute a novel, behavior-based detectionsystem for ransomware attacks in cloud environments, advancing the state-of-the-artand providing a scalable solution for various cloud storage providers.Keywords: ransomware detection, cloud environments, behavior-based detec-tion, machine learning, Google Drive.

ransomware detection

cloud environments

behavior-based detec- tion

machine learning

Google Drive

Computer Sciences

Datavetenskap (datalogi)