Identifying File Interaction Patterns in Ransomware Behaviour

Liam Grant, Simon Parkinson

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


Malicious software (Malware) has a rich history of causing significant challenges for both users and system developers alike. The development of different malware types is often resulting from criminal opportunity, and the monetisation of ransomware, coupled with the continuously growing importance of user data, is resulting in ransomware becoming one of the most prominent forms of malware. Detecting and stopping ransomware from executing is challenging due to the large verity of different types, as well as the speed of new instances being developed. This results in static approaches, such as using signatures, ineffective in many instances. This chapter investigates the behavioural analysis of ransomware, and in particular focussed on its interaction with the underlying file system. This study identifies that ransomware instances have unique behavioural patterns, which are significantly different from those of normal user interaction.
Original languageEnglish
Title of host publicationGuide to Vulnerability Analysis for Computer Networks and Systems
Subtitle of host publicationAn Artificial Intelligence Approach
EditorsSimon Parkinson, Andrew Crampton, Richard Hill
Place of PublicationCham
PublisherSpringer, Cham
Number of pages19
ISBN (Electronic)9783319926247
ISBN (Print)9783319926230
Publication statusPublished - 5 Sep 2018

Publication series

NameComputer Communications and Networks
ISSN (Print)1617-7975
ISSN (Electronic)2197-8433


Dive into the research topics of 'Identifying File Interaction Patterns in Ransomware Behaviour'. Together they form a unique fingerprint.

Cite this