September 11, 2021

Ransomware detection – Final year project

I’m planning to do research surrounding the detection of ransomware attacks for my final year project. I was thinking of **using behavioural analysis and machine learning models** to come up with a solution for detecting/predicting ransomware attacks. I’ve gone through a few research papers surrounding this topic, but I am by no means an expert surrounding this area.

For the cyber security experts out there, what do you think is the future for ransomware detection?

PS: I know that there are the common prevention methods such as taking backups and user education. However, I am looking for a more technical solution that can detect ransomware behaviour once it enters a system.



Once it is already in your system, it is often too late to prevent encryption by ransomware. I recommend starting earlier in the cycle – what do ransomware operators look for in targets? How do their capabilities align with the attack surfaces of potential victims and what steps can be taken to make a system a less attractive target? Lately, ransomware prevention is less about detection and more about attack surface denial through understanding the TTPs of threat actors.


I hate to rain on your parade, but I wouldn’t want to see you spinning your wheels. There are a few solutions out there that already do behavioral analysis, namely CrowdStrike and Carbon Black, to name a couple.


If you’re working on building an AI that will do this, I think it’s worth working on as a concept or for your final year project, but if it’s to solve something that’s not already out there… it is out there.


If you have all the security protocols in place, defense in depth, XDR/SIEM with ML & AI and automation, controlled folder access, MFA, and a list of more – ransomware should never enter the system but be detected and blocked with an alert. Is your question more around security not being in place and what to do once it’s in a tenant?


My suggestion is to store the hash of a commonly encrypted file like myinfo.doc; if the file is changed, the hash is different, and there you go, you detected ransomware.
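As an added example (not code posted in this thread), here is one way to implement the canary-file check the reply above describes, written in Python. It goes slightly beyond the reply: a hash comparison alone fires on any change, including a legitimate edit, so the check also measures the byte entropy of the changed file to separate an ordinary edit from contents that look encrypted, and it reports a deleted canary separately. The file name myinfo.doc comes from the reply; the 7.0 bits-per-byte threshold, the sample document text and the random-byte stand-in for encrypted output are assumptions made for this demonstration.

```python
import hashlib
import math
import os
import tempfile
from dataclasses import dataclass


@dataclass
class CanaryBaseline:
    """Recorded state of one canary file: its path and SHA-256 at deployment."""
    path: str
    sha256: str


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large canaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~4-5 for documents, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def record_baseline(path: str) -> CanaryBaseline:
    """Hash the canary once, right after it is planted, and keep the digest elsewhere."""
    return CanaryBaseline(path=path, sha256=sha256_of(path))


def check_canary(baseline: CanaryBaseline, entropy_threshold: float = 7.0) -> str:
    """Classify the canary as 'ok', 'missing', 'modified' or 'suspected_encryption'.

    The threshold (assumed) sits well above typical document entropy and well
    below the ~8 bits/byte that encrypted output approaches.
    """
    if not os.path.exists(baseline.path):
        return "missing"
    if sha256_of(baseline.path) == baseline.sha256:
        return "ok"
    with open(baseline.path, "rb") as f:
        data = f.read()
    if shannon_entropy(data) >= entropy_threshold:
        return "suspected_encryption"
    return "modified"


def demo() -> dict:
    """Constructed scenario: one canary walked through four outcomes in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        canary = os.path.join(tmp, "myinfo.doc")
        # Constructed document body; repeated so it is several KB like a real file.
        text = ("Quarterly summary: revenue flat, costs down two percent. " * 80).encode()
        with open(canary, "wb") as f:
            f.write(text)
        baseline = record_baseline(canary)

        results["unchanged"] = check_canary(baseline)

        # A user appends a plain-text remark: hash changes, entropy stays low.
        with open(canary, "ab") as f:
            f.write(b"Edited by a user: added a closing remark.\n")
        results["user_edit"] = check_canary(baseline)

        # Stand-in for an encrypt-in-place: random bytes have near-maximal entropy.
        with open(canary, "wb") as f:
            f.write(os.urandom(4096))
        results["encrypted_lookalike"] = check_canary(baseline)

        # Some families delete originals after writing a new file; report that too.
        os.remove(canary)
        results["deleted"] = check_canary(baseline)
    return results


if __name__ == "__main__":
    for outcome, verdict in demo().items():
        print(f"{outcome}: {verdict}")
```

The baseline digest has to live somewhere the monitored host cannot overwrite (a log collector or the endpoint agent's own store), otherwise the same process that rewrites the canary can refresh the hash; and the canary should be polled or watched frequently, since the check only tells you something once the file has already been touched.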
