Detection rules for Ransomware detection in YARA and Sigma formats
Detekční Pravidla pro Detekci Ransomware ve Formátech YARA a Sigma
Authors
Supervisors
Reviewers
Editors
Other contributors
Journal Title
Journal ISSN
Volume Title
Publisher
České vysoké učení technické v Praze
Czech Technical University in Prague
Czech Technical University in Prague
Date
Abstract
This thesis focuses on analysis and defense against ransomware using detection rules. It provides an overview of the different types of ransomware and explores their lifecycle from infecting the system to extorting the victim. It also deals with methods of static and dynamic analysis of malicious software. In addition, it also examines the techniques that are used to defend against analysis. Subsequently, work with rules in YARA and Sigma formats is described. In the design part, rules are implemented in these formats aimed at general detection of ransomware samples.
This thesis focuses on analysis and defense against ransomware using detection rules. It provides an overview of the different types of ransomware and explores their lifecycle from infecting the system to extorting the victim. It also deals with methods of static and dynamic analysis of malicious software. In addition, it also examines the techniques that are used to defend against analysis. Subsequently, work with rules in YARA and Sigma formats is described. In the design part, rules are implemented in these formats aimed at general detection of ransomware samples.
This thesis focuses on analysis and defense against ransomware using detection rules. It provides an overview of the different types of ransomware and explores their lifecycle from infecting the system to extorting the victim. It also deals with methods of static and dynamic analysis of malicious software. In addition, it also examines the techniques that are used to defend against analysis. Subsequently, work with rules in YARA and Sigma formats is described. In the design part, rules are implemented in these formats aimed at general detection of ransomware samples.