Reference no: EM133236626
Assignment Project -
Description - This project will be focused on a study of ransomware attacks and the related mitigation techniques. You will be working on a virtual machine (VM) in order to ensure the required isolation. You must not work on the project directly on your host machine as it may cause damage to your operating system and personal data.
For the attack part, you will develop your own ransomware tool, which will infect your guest OS in the VM and encrypt a designated directory. For the cybersecurity part, you will detect the ransomware and take action to mitigate the problem. For that purpose, you need to monitor the activities on your guest VM, detect if there is a ransomware, block it, and attempt recovery.
Project Plan - You will follow the steps listed below. You are recommended to submit a short memo describing your progress at each step via Canvas. These memos will be used by the instructor to guide your work on the project. The memos will not be formally graded, and they will receive no credit.
Of course, you are welcome to communicate with the instructor for guidance at any time. You have the freedom to select your favorite methods and approaches at every step. Also, you may use an operating system of your choice for the victim machine (as long as it is available as a guest OS VM). For these reasons, each project is expected to have a unique structure. Note that the instructors will be checking the submitted code and reports for similarities.
1. Research on ransomware techniques: First, you need to do a basic literature survey on ransomware in order to figure out how this type of malware works. There are multiple approaches for building ransomware. You may select one of them or come up with your own.
Preparing the project plan. For each of Steps 2-5, select a specific method, which you will implement for your project components. Due: 10/07.
2. Action: In this step, you will implement your own ransomware. You are expected to write all the code yourself. You may use libraries for encryption/decryption, but other parts of the code are supposed to be your own. Specifically, your ransomware should encrypt a given directory recursively, i.e., all its subdirectories and files in them. Write the encryption/decryption component.
3. Infection: In this step, you need to implement a method for infecting a victim. You may use phishing, a hidden executable in a file, a hidden executable in a website, or any other method. For this step, you may use existing cybersecurity attack toolsets. However, you need to implement your method and demonstrate that it is successful. Write the infection (malicious code delivery) component.
4. Monitoring: To detect ransomware, you need to be able to monitor your environment. Write your own detection tool. You may use external libraries to help your monitoring activities, but the implementation needs to be your own, using your own code. The monitored data must also be logged in a database or other structured file. Write the monitoring/auditing component.
5. Detection: You may use existing approaches, but the implementation must be your own solution. For example, you may check the data obtained in the previous step against some set of rules, match it to a certain pattern, or even use machine learning. An important point is to demonstrate that your tool successfully detects ransomware without creating false positives for legitimate processes. Write the detection component.
6. Mitigation: For the mitigation part, you need to come up with a solution to block the ransomware process and to attempt recovery. Of course, if the ransomware is implemented properly, then recovery may be difficult or impossible, depending on when detection happened. In any case, all aspects of the mitigation process, including prevention, must be discussed in detail. Write the defense/recovery component.
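As an added illustration of how Steps 4, 5 and 6 fit together (this is example code written for this page, not part of the assignment and not a reference solution), the block below takes a constructed sample of file-system audit events, stores them in SQLite as the structured log Step 4 asks for, applies a rule-based check in the spirit of Step 5 (one process touching many distinct files and renaming several of them within a short window), and finally derives from the log the list of original paths a recovery step in Step 6 would need. The event format, the process names, the paths and the thresholds are all assumptions made for the example; a real monitor would feed events from inotify or a similar facility instead of the embedded string.

```python
import sqlite3
from collections import deque
from datetime import datetime

# Constructed sample audit trail (not captured data): "timestamp|pid|process|op|path".
# A rename carries "source -> destination" in its path field.
# vim saves one file twice, rsync only reads, "updater" (a made-up name) rewrites and
# renames many files in a couple of seconds and drops a note: the pattern the rule targets.
SAMPLE_EVENTS = """\
2024-10-01T12:00:00|4101|vim|WRITE|/home/alice/notes/todo.txt
2024-10-01T12:00:03|3022|rsync|READ|/home/alice/docs/report.docx
2024-10-01T12:00:03|3022|rsync|READ|/home/alice/docs/budget.xlsx
2024-10-01T12:00:10|5177|updater|WRITE|/home/alice/docs/report.docx
2024-10-01T12:00:10|5177|updater|RENAME|/home/alice/docs/report.docx -> /home/alice/docs/report.docx.locked
2024-10-01T12:00:10|5177|updater|WRITE|/home/alice/docs/budget.xlsx
2024-10-01T12:00:10|5177|updater|RENAME|/home/alice/docs/budget.xlsx -> /home/alice/docs/budget.xlsx.locked
2024-10-01T12:00:11|5177|updater|WRITE|/home/alice/docs/thesis.pdf
2024-10-01T12:00:11|5177|updater|RENAME|/home/alice/docs/thesis.pdf -> /home/alice/docs/thesis.pdf.locked
2024-10-01T12:00:11|5177|updater|WRITE|/home/alice/docs/photos/cat.jpg
2024-10-01T12:00:11|5177|updater|RENAME|/home/alice/docs/photos/cat.jpg -> /home/alice/docs/photos/cat.jpg.locked
2024-10-01T12:00:12|5177|updater|WRITE|/home/alice/docs/README_RESTORE.txt
2024-10-01T12:00:20|4101|vim|WRITE|/home/alice/notes/todo.txt
"""


def open_store(path=":memory:"):
    """Step 4: the structured log. SQLite keeps every event queryable after the fact."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS events "
        "(ts REAL, pid INTEGER, process TEXT, op TEXT, path TEXT)"
    )
    return conn


def load_events(conn, text):
    """Parse the pipe-separated lines and persist them; returns the number of rows stored."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, proc, op, path = line.split("|", 4)
        rows.append((datetime.fromisoformat(ts).timestamp(), int(pid), proc, op, path))
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def detect(conn, window_s=5.0, min_files=4, min_renames=3):
    """Step 5: sliding-window rule per process.

    Alert once for a pid when, within window_s seconds, it has modified at least
    min_files distinct files and renamed at least min_renames of them. Reads are
    ignored, so a backup job that only reads is not flagged; an editor saving one
    file repeatedly never reaches min_files. Thresholds are illustrative assumptions.
    """
    alerts, alerted, windows = [], set(), {}
    cur = conn.execute(
        "SELECT ts, pid, process, op, path FROM events ORDER BY ts, rowid"
    )
    for ts, pid, proc, op, path in cur:
        if op not in ("WRITE", "RENAME"):
            continue
        src = path.split(" -> ", 1)[0]          # original path for renames
        win = windows.setdefault(pid, deque())
        win.append((ts, op, src))
        while win and ts - win[0][0] > window_s:  # drop events outside the window
            win.popleft()
        files = {p for _, _, p in win}
        renames = sum(1 for _, o, _ in win if o == "RENAME")
        if pid not in alerted and len(files) >= min_files and renames >= min_renames:
            alerted.add(pid)
            alerts.append({"pid": pid, "process": proc, "files": len(files),
                           "renames": renames, "ts": ts})
    return alerts


def affected_files(conn, pid):
    """Step 6 input: original paths the flagged process renamed, straight from the log.

    Blocking the process itself (e.g. suspending or killing the pid) is platform
    specific and left out here; this list is what a restore-from-backup step needs.
    """
    rows = conn.execute("SELECT path FROM events WHERE pid = ? AND op = 'RENAME'", (pid,))
    return sorted(r[0].split(" -> ", 1)[0] for r in rows)


def run_demo():
    """Load the constructed sample, run detection, and map each alert to its affected files."""
    conn = open_store()
    load_events(conn, SAMPLE_EVENTS)
    alerts = detect(conn)
    return alerts, {a["pid"]: affected_files(conn, a["pid"]) for a in alerts}


if __name__ == "__main__":
    found, restore_plan = run_demo()
    for a in found:
        print(f"ALERT pid={a['pid']} process={a['process']} files={a['files']} renames={a['renames']}")
        print("  files to recover:", restore_plan[a["pid"]])
```

On the sample above only the made-up "updater" process trips the rule; vim and rsync generate no alert, which is the false-positive check Step 5 asks you to demonstrate. Replace SAMPLE_EVENTS with a feed from your own monitor and tune the thresholds against your VM's normal activity before judging detection quality.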
Deliverables - At the end of the project, you will submit the following three deliverables:
Project code: It will include all the code written by the students along with a README file that shows step-by-step instructions on how to duplicate your environment.
In particular, it must have information on the environment, libraries needed, the dependencies, and others. Your code must be properly commented.
Demo video: It will include a demonstration of your implementation and its features, showing how it works, what it does, and confirming that it works successfully. Maximum length of the video: 15 minutes. (The grader will base their evaluation on the first 15 minutes.)
Report: You need to follow an outline of a regular research paper. In particular, it should contain:
Abstract: A brief overview of your project. Approximately 250 words.
Introduction: Explaining the problem you are trying to solve, why it is an important problem, a brief overview of your approach, a brief overview of your accomplishments, etc. This section should take approximately one page.
Related works: The explanation of other studies and papers that you have found. You need to present what the others have done, how, what they have observed, etc. At least 4-5 sources need to be presented and summarized. This section should take approximately one page.
Approach: For each step of the project, you need to explain your approach, your architecture, steps, implementation details, and so on. This is the main part of your report and it should take around 2 pages.
Results: You need to present your results here. This section should take approximately one page.
References: Add the references (bibliography) in the IEEE format.