Skip to content

Uses Cuckoo Sandbox and a trained SV classifier to accurately detect ransomware samples.

Notifications You must be signed in to change notification settings

whoIsOneZero/ransomware_detection_mitigation

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

71 Commits
 
 
 
 
 
 
 
 

Repository files navigation

RansomShield: Crypto-Ransomware Detection and Mitigation Tool

RansomShield is a powerful tool designed to detect and mitigate crypto-ransomware using machine learning. This tool utilizes Cuckoo Sandbox for dynamic malware analysis, extracts features from analysis reports, and classifies samples using a trained Support Vector Machine (SVM) model.

Sample Analysis

Features

  • File upload and analysis.
  • Directory monitoring.
  • Link submission for analysis.
  • Dynamic analysis with Cuckoo Sandbox.
  • Ransomware classification using a trained SVM model.
  • Integration with a cloud-based signature repository.
  • User-friendly interface for easy usage.

Prerequisites

  1. Python Installed: Ensure you have Python 3.10+ installed on your machine.
  2. Oracle VM VirtualBox: Enusre you're have Oracle VM VirtualBox on a Windows sytem. Download here
  3. Cuckoo Sandbox: Follow the tutorial to setup your Cuckoo Sandbox locally. Link
  4. Other Resources:

Usage

  1. Clone the Repository or Download the Code:

    • Clone the repository.
      git clone https://github.com/whoIsOneZero/ransomware_detection_mitigation.git
    • Alternatively, download the project files and extract them to your desired location.
  2. Navigate to the Project Directory:

    • Open a terminal (or command prompt) and navigate to the directory containing your project files. Example:
      cd C:\Users\user\Desktop\ransomware_detection_mitigation
  3. Create a Virtual Environment (Optional but Recommended):

    • Create a virtual environment to isolate your project dependencies.
      python -m venv myenv
    • Activate the virtual environment.
      • On Windows:
        myenv\Scripts\activate
      • On macOS/Linux:
        source myenv/bin/activate
  4. Install Required Dependencies:

  • Install all required dependencies using pip. If you have a requirements.txt file, use it to install dependencies.
    pip install -r requirements.txt
  1. Start the Cuckoo Sandbox System:
    In the Ubuntu VM;

    • Activate the virtual environment
    workon sandbox
    • This script creates a VirtualBox host-only network interface called vboxnet0, which is used for communication between the host and the virtual machines.
    vmcloak-vboxnet0
    • Enable IP forwarding on your network interface
    sudo sysctl -w net.ipv4.conf.enp0s3.forwarding=1
    • Configures Network Address Translation (NAT) to allow virtual machines in the 192.168.56.0/24 network to access the internet through the enp0s3 interface.
    sudo iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.56.0/24 -j MASQUERADE
    • Set the default policy for the FORWARD chain to DROP, which means all forwarded packets will be dropped unless explicitly allowed.
    sudo iptables -P FORWARD DROP
    • Allow packets that are part of an established connection or related to an existing connection.
    sudo iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -s 192.168.56.0/24 -j ACCEPT

    Open Terminator and split into 3 windows

    • Activate the virtual environment in all 3 windows:
    workon sandbox
    • In the Terminator window 1, start the Cuckoo rooter service:
    cuckoo rooter --sudo --group osboxes
    • In the Terminator window 2, start the main Cuckoo service:
    cuckoo
    • Run this command to get the IP adress of the the primary network interface connected to your VirtualBox's virtual network.
    ip -4 addr show enp0s3 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'
    • In the Terminator window 3, start the Cuckoo REST API server on VM's IP address:
    cuckoo api --host 192.168.153.41 --port 8090
  2. Run the Streamlit App:
    On your host machine:

    python main.py

About

Uses Cuckoo Sandbox and a trained SV classifier to accurately detect ransomware samples.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published