Background: Ransomware attacks are a significant threat to digital information, and with the increasing adoption of cloud storage services, attackers now target cloud environments. The existing literature on ransomware detection has primarily focused on local environments, and there is a limited body of research on applying these approaches to the cloud environment.

Objectives: In this thesis, we aim to develop a behavior-based ransomware detection system for cloud environments, specifically focusing on Google Drive, using machine learning techniques. We will create a dedicated Google Workspace and utilize the Google Cloud Platform for developing the anomaly detection classifier.

Methods: We will review related work in ransomware detection and machine learning approaches to select suitable techniques for our research. Our anomaly detection classifier will analyze user activities in the cloud, such as file access patterns and permission changes, to detect deviations indicative of ransomware attacks.

Results: We will validate our system’s performance by conducting experiments in our Google Workspace, emulating ransomware attacks, and comparing the classifier’s performance against existing techniques.

Conclusions: Our thesis aims to contribute a novel, behavior-based detection system for ransomware attacks in cloud environments, advancing the state of the art and providing a scalable solution for various cloud storage providers.
Keywords
Ransomware Detection, Cloud Environments, Behavior-Based Detection, Machine Learning, Google Drive
Institute(s)
Blekinge Institute of Technology
Year
2023
Author(s)
Leonid Popryho, Yaroslav Popryho