Mantipally, Naresh (2024) Empowering Ransomware Detection: Leveraging Splunk and Sigma Rules for Enhanced Security. Masters thesis, Dublin, National College of Ireland.
Files: PDF (Master of Science), 1MB; PDF (Configuration Manual), 1MB
Abstract
Ransomware continues to pose a considerable threat to organizations globally, with cybercriminals employing increasingly complex tactics to intrude into systems and encrypt critical data. This research project focuses on enhancing ransomware detection capabilities using Splunk, a leading Security Information and Event Management (SIEM) platform, while aligning detection strategies with the MITRE ATT&CK Framework. Specifically, the study develops Sigma rules that translate ransomware behaviors into detection logic, with a primary focus on two prevalent tactics: the File Overwrite Approach and the File Renaming Approach. These tactics are mapped to corresponding techniques within the MITRE ATT&CK Framework, facilitating a comprehensive understanding of ransomware behaviors and enabling more effective detection strategies. Additionally, the project encompasses the development of a custom script in the Go programming language for ransomware encryption and decryption, serving as a tool for testing and validating detection strategies within Splunk. By aligning detection efforts with the MITRE ATT&CK Framework and leveraging Sigma rules, this project aims to provide security teams with actionable insights for detecting and mitigating ransomware threats effectively, ultimately contributing to the advancement of cybersecurity practices.
| Item Type: | Thesis (Masters) |
|---|---|
| Supervisors: | Pantridge, Michael (email: UNSPECIFIED) |
| Uncontrolled Keywords: | Splunk; Detection; Ransomware; Sigma Rules; Zeek logs; Custom Query; MITRE ATT&CK |
| Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security; Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning |
| Divisions: | School of Computing > Master of Science in Cyber Security |
| Depositing User: | Ciara O'Brien |
| Date Deposited: | 05 Jun 2025 10:12 |
| Last Modified: | 05 Jun 2025 10:12 |
| URI: | https://norma.ncirl.ie/id/eprint/7747 |