Skip to main content

Identifying Ransomware Through Statistical and Behavioural Analysis

Pont, Jamie John (2023) Identifying Ransomware Through Statistical and Behavioural Analysis. Doctor of Philosophy (PhD) thesis, University of Kent,. (doi:10.22024/UniKent/01.02.100606) (KAR id:100606)


Ransomware is a devastating type of malicious software that restricts a user's access to a digital asset of value, demanding a ransom in order to restore it. Ransomware attacks have only increased in popularity over the years and show no signs of abating. Moreover, the complexity and potential impact of these attacks have also increased, such that modern-day ransomware attacks are capable of bringing businesses and organisations to a standstill, with ransom demands often in excess of millions of pounds.

The research presented in this thesis aims to contribute to a stronger foundation of knowledge regarding this relatively new cyberthreat through the development of several novel countermeasures. An in-depth analysis of current state-of-the-art anti-ransomware tools was conducted, through which an overall preference towards statistical and behavioural detection methods was identified. Additionally, several datasets and an analysis environment were constructed in order to identify and subsequently improve current statistical and behavioural approaches, contributing towards more effective ransomware detection.

Untapped potential within statistical-based approaches to ransomware detection was clearly identified, showing that near-perfect classification rates were possible within the scope of our experiments. Despite the continual growth both in terms of frequency and sophistication of ransomware attacks, our results suggest that the significant differences in system behaviour observed during a ransomware attack are enough to identify and thwart ransomware attacks. Future work should pay particular attention to these clear fingerprints created by ransomware attacks, such that damages can largely be mitigated, alleviating the need to pay the ransom and thus toppling the underground ransomware economy.

Item Type: Thesis (Doctor of Philosophy (PhD))
Thesis advisor: Hernandez-Castro, Julio
Thesis advisor: Arief, Budi
DOI/Identification number: 10.22024/UniKent/01.02.100606
Uncontrolled keywords: ransomware anti-ransomware malware anti-malware detection statistics behavioural analysis
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: University of Kent (
SWORD Depositor: System Moodle
Depositing User: System Moodle
Date Deposited: 24 Mar 2023 15:10 UTC
Last Modified: 27 Mar 2023 09:45 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

Pont, Jamie John.

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.