Return to search

Analýza síťové komunikace Ransomware / Ransomware Traffic Analysis

The focus of this work is crypto-ransomware; a variant of malware, an analysis of this malware’s network communication, and the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware’s network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware’s activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware are provided.

Identiferoai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:363782
Date January 2017
CreatorsŠrubař, Michal
ContributorsGrégr, Matěj, Ryšavý, Ondřej
PublisherVysoké učení technické v Brně. Fakulta informačních technologií
Source SetsCzech ETDs
LanguageCzech
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/masterThesis
Rightsinfo:eu-repo/semantics/restrictedAccess

Page generated in 0.0084 seconds