The Need to Teach Malware Detection Early; Handling Ransomware Using Actor-Network

McCarty, William, School of Engineering and Applied Science, University of Virginia
Graham, Daniel, EN-Comp Science Dept, University of Virginia
Baritaud, Catherine, EN-Engineering and Society, University of Virginia

Many people do not understand how malware works, so a method to help people understand malware better is necessary. The technical report looked at how teaching students about malware detection could make understanding malware easier. By teaching these students how malware detection works, small companies would be more likely to get employees with an understanding of how malware works. The research paper looked at how Actor-Network Theory could be used to help small companies understand ransomware better, so they could respond better. In both cases, these reports are meant to help small companies be able to understand malware better, making these reports tightly coupled to each other.
Small companies have less resources to allocate to their IT departments, making them more susceptible to a cyber-security threat. If the standard level of knowledge on malware was higher, than the likelihood for these companies having people that understand malware would be higher. The technical report focused on teaching student’s malware detection using concepts that could be found at an introductory level computer science course, so these concepts could become be spread to the greatest number of people possible. This spread could then lead to a rise in this standard level of knowledge on malware and in turn helping small companies be able to have a larger number of people with malware knowledge.
The technical report successfully found that signature-based malware detection is an example of a type of malware detection that could be used to help people understand malware better. Signature-based malware detection can be simplified and translated into nearly any computer science course, allowing a large number of courses being able to incorporate it. Additionally, signature-based malware detection could be used to help people understand concepts like how malware can inject malicious code, which can alter how code operates. This application of signature-based malware detection could be applied to other types of malware detection allowing for many more concepts of malware to be taught. Through this investigation, it has been demonstrated that a preemptive approach to teaching malware can be done successfully.
The research paper’s goal was to help small companies be able to understand ransomware better, so the companies can respond even if they have not already prepared ahead of time. Actor-Network Theory was used to better understand the interactions between a small company, the other actors, and networks involved. These interactions were analyzed for each main type of position a small company may be in after they have been infected by ransomware and each were then compared relative to the original position of having just been infected. This research primarily used sources from articles published by leading cyber security professionals and leading cyber security business.
Actor-Network Theory was able to make comparing the small companies position clearer. By making the small companies position clearer, it can become easier for the companies to understand the situation and act accordingly. Using these results, it can be concluded that a reactive response to malware is possible. Out of these positions, some appeared to be better than others, but often the better positions relied on other actors to take certain actions. Though this analysis the companies involved would be able to understand better that their actions are not the only decider in what occurs going forward.
Drawing from these two investigations, teaching people more about malware can help reduce cybercrime rates. Both preemptive and reactive responses have been shown to be effective ways of teaching people how malware works. These results can help small companies and it is hoped by helping these small companies, cybersecurity across the globe can be improved. In both cases, a certain level of investment may be necessary to implement changes, but this investment may be able to protect companies across the globe.

BS (Bachelor of Science)
Actor Network Theory, Malware Detection, Ransomware, Reactive Response, Proactive Response

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Daniel Graham
STS Advisor: Catherine Baritaud

All rights reserved (no additional license for public reuse)
Issued Date: