Malware Research for Ransomware Defense

Recent events have demonstrated that ransomware is the most prominent and damaging malware (malicious software) today. Several capabilities have been developed to identify and protect against such large-scale and Internet threats. Most of these capabilities fall under host-based techniques, which are generally limited to known signatures. In this project, we propose to develop intel-based capabilities, powered by machine learning, that help not just in the detection of such malware, but also in the extraction of malware analytics. To achieve our goal, we leverage a live feed of 50,000 raw malware samples daily to infer the abnormality of ransomware and extract their network and system behaviors. Such insights allow to generate threat intel and build capabilities to protect against these ransom-based malware.