Countering Ransomware Using Anomaly Detection of Endpoint Events
Abstract
This research, commissioned by Fox-IT, focuses on the development of a new concept in cybersecurity event monitoring to improve the detection capabilities of the CTM Endpoint Module. Additional background information on Fox-IT is provided in Chapter 2. The description of the research assignment and the goal of the research are given in Chapter 3. Chapter 4 states the approach of the research and provides a more detailed overview of the project, including the separate tasks and activities over the length of the research. Before the requirements of the research are specified, a literature review is performed to provide additional information about common ransomware characteristics and different classification techniques. Based on these results, multiple exploratory prototypes are developed to establish the exact requirements of the research in accordance with the product owner in Chapter 5. The development of the final prototype is described in Chapter 6, which also includes the designs of the operation of the prototype. An agile approach was used during the development phase, which is described in three separate sprints. The tests that have been performed for the software are described in a separate document, the Test Report, which is included in Appendix E. The results of the final prototype are included in Chapter 7 and lead to a conclusion drawn in Chapter 8, which also provides recommendations for future work.
Organization | De Haagse Hogeschool |
Programme | ITD Technische Informatica |
Department | Faculteit IT & Design |
Partner | Fox-IT |
Year | 2017 |
Type | Bachelor |
Language | English |