Nutanix Ransomware Attack Detection

Summary:

Security is a feature everyone in our ever-growing technological world depends on, and ransomware has recently become a growing threat to many institutions in the cyber domain: universities have had information stolen, pipeline operations have been halted, and hospitals have been shut down. These are only some of the recent cases of ransomware causing huge damage to our society. Our goal in this project was to work with Nutanix to research and design a system that detects ransomware at the hypervisor level, rather than on individual machines, with high accuracy. We started by researching the signals that ransomware emits when it begins its attack. Once we had a solid set of signals, we chose the strongest ones that can be collected at the hypervisor level, and found storage and network to be our two main sources. On the storage side we capture write operations and calculate the average entropy of the written data within a one-minute window. On the network side we capture HTTP packets using a vSwitch and parse each packet for several signals: HTTP status, entropy of the URL name, number of digits in the URL, length of the URL, number of parameters in the packet, and the number of fragments. We trained a decision tree machine learning model that we now use to detect, with 93% accuracy, whether a URL is malicious or not. We then combine the two signals using a sliding window, with the network signal as the trigger, to produce an alert signal.
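The sketch below is an added example (not the project's own code) of the pipeline the summary describes: Shannon entropy of captured writes averaged over a one-minute window, the six per-request HTTP signals, and a sliding-window correlator that uses a network hit as the trigger and checks whether recent storage entropy is high. The trained decision tree is replaced by a hand-written rule of thumb (`is_suspicious_url`), and the window length, entropy threshold, rule thresholds and the definition of "fragments" as path segments are all assumptions, not values from the project.

```python
"""Hypervisor-level ransomware signals: storage write entropy, HTTP URL
features, and a sliding-window correlator. Added example; the classifier
and every threshold here are stand-ins, not the project's tuned values."""
import math
from collections import Counter, deque
from urllib.parse import parse_qsl, urlsplit


def shannon_entropy(data) -> float:
    """Entropy in bits per symbol of a bytes or str value (0.0 for empty input).
    Encrypted output sits near 8.0 bits/byte; plain text is usually 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def average_write_entropy(writes, window_start, window_seconds=60):
    """Average per-write entropy for writes (timestamp, payload) that fall in
    [window_start, window_start + window_seconds): the storage signal."""
    in_window = [shannon_entropy(p) for ts, p in writes
                 if window_start <= ts < window_start + window_seconds]
    return sum(in_window) / len(in_window) if in_window else 0.0


def url_features(url: str, status: int) -> dict:
    """The six per-request signals named in the summary. 'fragment_count'
    is assumed here to mean non-empty path segments."""
    parts = urlsplit(url)
    return {
        "status": status,
        "url_entropy": shannon_entropy(url),
        "digit_count": sum(ch.isdigit() for ch in url),
        "url_length": len(url),
        "param_count": len(parse_qsl(parts.query, keep_blank_values=True)),
        "fragment_count": len([s for s in parts.path.split("/") if s]),
    }


def is_suspicious_url(feats: dict) -> bool:
    """Placeholder for the project's decision tree: a few hand-picked cuts
    on the same features (assumed thresholds, not the learned model)."""
    return (feats["url_entropy"] > 4.2
            or feats["digit_count"] > 8
            or feats["url_length"] > 80)


class Correlator:
    """Sliding window over per-minute storage entropy; a suspicious HTTP
    request triggers a look-back and raises an alert if the window holds a
    minute whose average write entropy is at or above the threshold."""

    def __init__(self, window_seconds=120, entropy_threshold=7.0):
        self.window = window_seconds
        self.threshold = entropy_threshold
        self.storage = deque()  # (minute_start_ts, avg_entropy)

    def _expire(self, now):
        while self.storage and now - self.storage[0][0] > self.window:
            self.storage.popleft()

    def add_storage_minute(self, ts, avg_entropy):
        self.storage.append((ts, avg_entropy))
        self._expire(ts)

    def network_trigger(self, ts, url, status):
        """Return an alert dict, or None when either signal is absent."""
        feats = url_features(url, status)
        if not is_suspicious_url(feats):
            return None
        self._expire(ts)
        hot = [e for _, e in self.storage if e >= self.threshold]
        if not hot:
            return None
        return {"ts": ts, "url": url, "max_storage_entropy": max(hot),
                "url_features": feats}


if __name__ == "__main__":
    # Constructed sample data: 1 KiB of maximally mixed bytes stands in for
    # encrypted output, a run of a single byte for a benign write.
    writes = [(0, bytes(range(256)) * 4), (10, bytes(range(256)) * 4),
              (70, b"A" * 1024)]
    corr = Correlator()
    corr.add_storage_minute(0, average_write_entropy(writes, 0))
    print(corr.network_trigger(30, "http://example.test/dl/8372910485736281?k=1", 200))
```

The ordering matters for false positives: a high-entropy minute alone (a backup job or a legitimate compressed upload) raises nothing, and a suspicious URL alone raises nothing; only the two within the window produce an alert.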

System Illustration:

Poster for Nutanix

Team Members:

Scott Fischer

Bio:

I will be graduating in Winter 2022 with a BS in Computer Engineering. I’m very interested in Cyber Security, Robotics Engineering, Embedded Systems, and Distributed Systems.

Email: fischer.isaiah.scott@gmail.com

LinkedIn: https://www.linkedin.com/in/scott-fischer/

Github: https://github.com/Scottie-Fischer

Raphael Zaafrani

Bio:

Originally from Sarcelles, France, I have lived in California for the past 6 years and have been passionate about computer science for roughly as long. I should be graduating this quarter, June 2021, and hope to continue living in the Bay Area. Over these years I have found a growing interest in the making of mobile applications and machine learning algorithms. 

Email: raphaelzaafrani@gmail.com

Github: github.com/raphaelZaa

LinkedIn: linkedin.com/in/raphael-zaafrani/

Resume available on demand.

Cyrus Karsan

Bio: 

I graduated in March of 2021 with a B.S. in Computer Science and currently work as a full-stack software engineer. I enjoy working on and learning about distributed systems, blockchain consensus, and cybersecurity, as well as frontend technologies such as React and TypeScript.

Personal Website: cyruskarsan.github.io

Github: https://github.com/cyruskarsan/

Email: cyruskarsan@gmail.com

LinkedIn: linkedin.com/in/cyruskarsan

Andrew Thach

Bio: ---

Email: andrew.thach123@gmail.com

Github: https://github.com/ThachAndrew

LinkedIn: https://www.linkedin.com/in/thachandrew/

Other Partners Day 2021 Projects