NORMA eResearch @NCI Library

Empowering Ransomware Detection: Leveraging Splunk and Sigma Rules for Enhanced Security

Mantipally, Naresh (2024) Empowering Ransomware Detection: Leveraging Splunk and Sigma Rules for Enhanced Security. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 1MB
PDF (Configuration Manual), 1MB

Abstract

Ransomware continues to pose a considerable threat to organizations globally, with cybercriminals employing increasingly complex tactics to break into systems and encrypt critical data. This research project focuses on enhancing ransomware detection using Splunk, a leading Security Information and Event Management (SIEM) platform, and on aligning the detection strategies with the MITRE ATT&CK Framework.

Specifically, the study develops Sigma rules that encode observable ransomware behaviors as vendor-neutral detection logic, focusing on two prevalent tactics: the File Overwrite Approach, in which encrypted content is written back over the original file, and the File Renaming Approach, in which the encrypted file is given a new name or extension.

Each tactic is mapped to the corresponding technique within the MITRE ATT&CK Framework, which places the detections in a shared vocabulary for ransomware behavior and supports more effective detection strategies.

Additionally, the project includes a custom script written in Go that encrypts and decrypts files, used to generate controlled ransomware-like activity for testing and validating the detection strategies in Splunk.

By aligning detection efforts with the MITRE ATT&CK Framework and leveraging Sigma rules, this project aims to give security teams actionable insight for detecting and mitigating ransomware threats effectively, ultimately contributing to the advancement of cybersecurity practice.
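One way to turn the two behaviors named in the abstract into detection logic, as an added example that is not code from the thesis, its Sigma rules or its Go test script: the Go program below runs a File Overwrite heuristic (one process modifies many distinct files in place within a short window) and a File Renaming heuristic (one process renames many files to the same new extension within a short window) over a constructed, Sysmon-style file-event stream. The event schema, the actor and path names, the 10-second window and the threshold of five files are assumptions made for this example; the thesis's own rules, log sources and thresholds are in the PDFs above.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"time"
)

// FileEvent is a constructed, Sysmon-style file event (an assumed schema, not the thesis's).
type FileEvent struct {
	Time    time.Time
	Actor   string // "image:pid" of the process touching the file
	Action  string // "write" (in-place modification) or "rename"
	Path    string // file written, or the old name of a rename
	NewPath string // new name of a rename; empty for writes
}
// Alert is one detection hit per actor and rule.
type Alert struct {
	Rule  string // "file_overwrite" or "file_rename"
	Actor string
	Count int    // distinct files involved
	Group string // new extension for renames, "*" for writes
}
// Tunables for the constructed sample; production values need baselining against
// backup agents and archivers, which legitimately rewrite or rename many files quickly.
const (
	window    = 10 * time.Second
	threshold = 5
)

// maxBurst slides a window over one actor's time-ordered events of the given action,
// groups them by groupOf (e.g. a rename's new extension) and returns the largest
// number of distinct source paths one group reached inside a single window.
func maxBurst(evs []FileEvent, action string, groupOf func(FileEvent) string) (int, string) {
	best, bestGroup := 0, ""
	for i := range evs {
		distinct := map[string]map[string]bool{} // group -> set of source paths
		for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
			if evs[j].Action != action {
				continue
			}
			g := groupOf(evs[j])
			if distinct[g] == nil {
				distinct[g] = map[string]bool{}
			}
			distinct[g][evs[j].Path] = true
			if len(distinct[g]) > best {
				best, bestGroup = len(distinct[g]), g
			}
		}
	}
	return best, bestGroup
}

// Detect sorts the events of one host in place and applies both heuristics:
// File Overwrite fires when one actor modifies >= threshold distinct files in place
// within window; File Renaming fires when one actor renames >= threshold files to
// the same new extension within window.
func Detect(events []FileEvent) []Alert {
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	byActor := map[string][]FileEvent{}
	for _, e := range events {
		byActor[e.Actor] = append(byActor[e.Actor], e)
	}
	var alerts []Alert
	for actor, evs := range byActor {
		// All writes form one group: what matters is how many distinct files changed.
		if n, g := maxBurst(evs, "write", func(FileEvent) string { return "*" }); n >= threshold {
			alerts = append(alerts, Alert{"file_overwrite", actor, n, g})
		}
		if n, g := maxBurst(evs, "rename", func(e FileEvent) string { return filepath.Ext(e.NewPath) }); n >= threshold {
			alerts = append(alerts, Alert{"file_rename", actor, n, g})
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Rule < alerts[j].Rule }) // deterministic output
	return alerts
}

// SampleEvents returns a constructed event stream (not real telemetry): two
// ransomware-like actors and two benign actors that must not fire.
func SampleEvents() []FileEvent {
	t0 := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC)
	var evs []FileEvent
	for i := 0; i < 6; i++ {
		// Overwrite approach: locker.exe rewrites six documents in place within 3 s.
		evs = append(evs, FileEvent{t0.Add(time.Duration(i) * 500 * time.Millisecond), "locker.exe:4242", "write", fmt.Sprintf(`C:\Users\alice\Documents\report%d.docx`, i), ""})
		// Renaming approach: crypt.exe gives six pictures a new extension within 2 s.
		img := fmt.Sprintf(`C:\Users\alice\Pictures\img%d.jpg`, i)
		evs = append(evs, FileEvent{t0.Add(time.Duration(i) * 300 * time.Millisecond), "crypt.exe:5151", "rename", img, img + ".locked"})
		// Benign: a backup agent touches many files, but only one every 12 s.
		evs = append(evs, FileEvent{t0.Add(time.Duration(i) * 12 * time.Second), "backup.exe:900", "write", fmt.Sprintf(`D:\backup\file%d.bak`, i), ""})
		// Benign: an editor autosaves one file repeatedly (a single distinct path).
		evs = append(evs, FileEvent{t0.Add(time.Duration(i) * time.Second), "winword.exe:777", "write", `C:\Users\alice\Documents\draft.docx`, ""})
	}
	return evs
}

func main() {
	for _, a := range Detect(SampleEvents()) {
		fmt.Printf("%-15s %-16s %d files (group %q)\n", a.Rule, a.Actor, a.Count, a.Group)
	}
}
```

Running it prints one alert for each ransomware-like actor and none for the two benign ones. The benign actors are there to show why the rule counts distinct paths inside a bounded time window rather than raw write or rename events: an editor autosaving a single document generates many writes to one path, and a backup agent touches many files but slowly. In Splunk the same logic is a time-bucketed distinct count of file paths per process over whichever endpoint file-event source is onboarded, which is also where the window and threshold would be tuned against the environment's normal activity.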

Item Type: Thesis (Masters)
Supervisors: Pantridge, Michael (email: UNSPECIFIED)
Uncontrolled Keywords: Splunk; Detection; Ransomware; Sigma Rules; Zeek logs; Custom Query; MITRE ATT&CK
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 05 Jun 2025 10:12
Last Modified: 05 Jun 2025 10:12
URI: https://norma.ncirl.ie/id/eprint/7747
