Publication:
Semi-automated security reference framework implementing YARA rules integrated with SSDEEP fuzzy hashing algorithms to increase ransomware identification in AWS S3 buckets

dc.contributor.advisor: Martinez Lozano, Jeferson Eleazar
dc.contributor.author: Castaño Castaño, Diego Adrian
dc.contributor.corporatename: Institución Universitaria ITM
dc.contributor.jury: Duran, Javier
dc.contributor.jury: Vahos Hernandez, Luis Eduardo
dc.coverage.temporal: Colombia
dc.coverage.temporal: Antioquia
dc.coverage.temporal: Medellín
dc.date.accessioned: 2026-02-05T19:31:58Z
dc.date.issued: 2025
dc.description.abstract: This thesis proposes a semi-automated framework to increase ransomware detection in AWS S3 storage buckets. The methodology focuses on the integration of YARA rules with SSDEEP fuzzy hashing algorithms. Initially, prevalent ransomware patterns in Latin American organizations were characterized, identifying LockBit and Akira as the most impactful, particularly in Colombia. Regular YARA rules were designed and Python scripts were developed to integrate them with SSDEEP, allowing ransomware detection not only by exact matches but also by structural similarity. The implementation of this framework was carried out in the AWS Cloud using AWS Lambda functions, AWS EventBridge for automation, and AWS S3 for storing ransomware samples and benign objects. The evaluation results demonstrated that the YARA + SSDEEP integration in AWS Lambda achieved 100% effectiveness in detecting ransomware variants with similarity greater than 75%, overcoming the limitations of regular YARA rules when faced with modified patterns. This hybrid approach offers a scalable and cost-effective solution for proactive ransomware detection in cloud environments, improving resilience against polymorphic and emerging threats. [eng]
dc.description.degreelevel: Master's
dc.description.degreename: Magíster en Seguridad Informática
dc.description.researcharea: Exact and Applied Sciences::Geophysics and Computer Science GGC3::Computer science
dc.description.tableofcontents:
Abstract
List of figures
List of tables
List of symbols and abbreviations
Introduction
1 Theoretical Framework and State of the Art
  1.1 Characterizing ransomware behavior patterns
    1.1.1 Ransomware as an Evolving Threat
    1.1.2 Malware Detection Approaches: Static, Dynamic and Hybrid
    1.1.3 YARA Rules for Pattern Identification
  1.2 Malware detection and analysis techniques
    1.2.1 Based on Machine Learning
    1.2.2 Based on YARA Rules
    1.2.3 Based on AI
  1.4 Impacts of the attacks
    1.4.1 Operational and Business Consequences
    1.4.2 Financial Impact of Ransomware
    1.4.3 Reputational Damage and Loss of Trust
    1.4.4 Legal and Regulatory Repercussions
  1.5 State of the art
2 Methodology
  2.1 Phase I: Characterization of Ransomware YARA Patterns
    2.1.1 Quantitative Analysis of Ransomware Prevalence
    2.1.2 Identification of Behavior Patterns
      2.1.2.1 Characterization of LockBit
      2.1.2.2 Characterization of Akira
  2.2 Phase II: YARA+SSDEEP Experimentation and Implementation in AWS Lambda
    2.2.1 Design of Regular YARA Rules
    2.2.2 Design of a script integrating YARA rules and SSDEEP
    2.2.3 Implementation of the script in AWS Lambda functions
  2.3 Phase III: Analysis and Evaluation of the Effectiveness of the Proposed Methodology
    2.3.1 Detection Evaluation Metrics
    2.3.2 Key Performance Indicators (KPIs)
3 Results
  3.1 Results for objective 1 - Characterize ransomware
    3.1.1 Pearson correlation matrix
    3.1.2 Behavior patterns for Akira and LockBit
  3.2 Results for objective 2 - Integrate YARA+SSDEEP
    3.2.1 Validation of the experimental process
  3.3 Results for objective 3 - Semi-automated procedure in AWS Lambda
    3.3.1 Flow diagrams
    3.3.2 AWS infrastructure diagram
    3.3.3 Source code of the YARA+SSDEEP integration
  3.4 Results for objective 4 - Evaluation of results
    3.4.1 Evaluation of the Regular YARA Rule in AWS Lambda
    3.4.2 Evaluation of the script integrating YARA+SSDEEP in AWS Lambda
4 Conclusions and recommendations
  4.1 Conclusions
  4.2 Recommendations
3 Bibliography
dc.format.extent: 86 pages
dc.format.mimetype: application/pdf
dc.identifier.instname: instname:Institución Universitaria ITM [spa]
dc.identifier.reponame: reponame:Repositorio Institucional Institución Universitaria ITM [spa]
dc.identifier.repourl: repourl:https://repositorio.itm.edu.co [spa]
dc.identifier.uri: https://hdl.handle.net/20.500.12622/8031
dc.language.iso: spa
dc.publisher: Institución Universitaria ITM
dc.publisher.branch: Campus Fraternidad
dc.publisher.department: Departamento de Sistemas::Maestría en Seguridad Informática
dc.publisher.faculty: Facultad de Ingenierías
dc.publisher.place: Medellín
dc.publisher.program: Maestría en Seguridad Informática
dc.rights.accessrights: info:eu-repo/semantics/openAccess
dc.rights.coar: http://purl.org/coar/access_right/c_abf2
dc.rights.license: Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
dc.rights.uri: https://creativecommons.org/licenses/by-nc/4.0/
dc.subject.ddc: 000 - Computer science, information and general works::005 - Programming, programs, computer data
dc.subject.ocde: 2. Engineering and Technology::2K. Other Engineering and Technologies::2K04. Industrial engineering
dc.subject.ods: SDG 3: Good health and well-being. Ensure healthy lives and promote well-being for all at all ages
dc.subject.ods: SDG 4: Quality education. Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all
dc.subject.ods: SDG 16: Peace, justice and strong institutions. Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
dc.subject.other: Network security
dc.subject.other: Malware (computer program)
dc.subject.other: Information security
dc.subject.proposal: Ransomware [eng]
dc.subject.proposal: YARA [eng]
dc.subject.proposal: SSDEEP [eng]
dc.subject.proposal: AWS Lambda [eng]
dc.subject.proposal: Malware detection
dc.subject.proposal: AWS S3 [eng]
dc.subject.proposal: Cybersecurity
dc.title: Marco referencial de seguridad semi-automatizado implementando reglas YARA integradas con algoritmos fuzzy hashing SSDEEP para incrementar la identificación de ransomware en bucket’s de AWS S3 [spa]
dc.type: Degree work - Master's
dc.type.coar: http://purl.org/coar/resource_type/c_18cf
dc.type.coarversion: http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.content: Text
dc.type.driver: info:eu-repo/semantics/masterThesis
dc.type.redcol: http://purl.org/redcol/resource_type/TM
dc.type.version: info:eu-repo/semantics/publishedVersion
dspace.entity.type: Publication

Files

Original bundle

Showing 1 - 2 of 2
Name: Master's thesis
Size: 2.27 MB
Format: Adobe Portable Document Format

Name: Authorization letter
Size: 214.34 KB
Format: Adobe Portable Document Format

License bundle

Showing 1 - 1 of 1
Name: license.txt
Size: 1.37 KB
Format: Item-specific license agreed upon to submission