Ransomware Detection through Device and Network Behavior Monitoring

Ransomware consists of malicious software that after infecting a target device prevents the device owner from using effectively the corresponding resources until the demands of the ransomware operator are met usually by paying a ransom, typically using cryptocurrencies.
Despite the growing number of ransomware infections, their increasing sophistication, and their significant financial and operational impact, available defensive mechanisms are still embryonic. Most of the existing approaches are signature-based, and as such struggle with the evolving nature of ransomware, of which currently over 160 different strains have identified.
Furthermore, existing approaches are overwhelmingly host-based. This is because it is very challenging to identify distinctive characteristics of ransomware activity from network traffic. However, such characteristics do exist and can be valuable in early detection of ransomware, or of ongoing ransomware activities. TO BE CONT’D

Faculty Supervisor:

Issa Traore


Paulo Quinan


Efficient Protection Inc


Engineering - computer / electrical


Information and communications technologies




Current openings

Find the perfect opportunity to put your academic skills and knowledge into practice!

Find Projects