Detekční Pravidla pro Detekci Ransomware ve Formátech YARA a Sigma
Detection rules for Ransomware detection in YARA and Sigma formats
Typ dokumentu
diplomová prácemaster thesis
Autor
Stanislav Lepič
Vedoucí práce
Fornůsek Simona
Oponent práce
Lórencz Róbert
Studijní obor
Počítačová bezpečnostStudijní program
InformatikaInstituce přidělující hodnost
katedra informační bezpečnostiPráva
A university thesis is a work protected by the Copyright Act. Extracts, copies and transcripts of the thesis are allowed for personal use only and at one?s own expense. The use of thesis should be in compliance with the Copyright Act http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf and the citation ethics http://knihovny.cvut.cz/vychova/vskp.htmlVysokoškolská závěrečná práce je dílo chráněné autorským zákonem. Je možné pořizovat z něj na své náklady a pro svoji osobní potřebu výpisy, opisy a rozmnoženiny. Jeho využití musí být v souladu s autorským zákonem http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf a citační etikou http://knihovny.cvut.cz/vychova/vskp.html
Metadata
Zobrazit celý záznamAbstrakt
This thesis focuses on analysis and defense against ransomware using detection rules. It provides an overview of the different types of ransomware and explores their lifecycle from infecting the system to extorting the victim. It also deals with methods of static and dynamic analysis of malicious software. In addition, it also examines the techniques that are used to defend against analysis. Subsequently, work with rules in YARA and Sigma formats is described. In the design part, rules are implemented in these formats aimed at general detection of ransomware samples. This thesis focuses on analysis and defense against ransomware using detection rules. It provides an overview of the different types of ransomware and explores their lifecycle from infecting the system to extorting the victim. It also deals with methods of static and dynamic analysis of malicious software. In addition, it also examines the techniques that are used to defend against analysis. Subsequently, work with rules in YARA and Sigma formats is described. In the design part, rules are implemented in these formats aimed at general detection of ransomware samples.
Kolekce
- Diplomové práce - 18106 [113]