Malware Analysis

We are mainly interested in malware analysis, focusing in particular on ransomware and sandbox evasion. We have proposed a machine learning approach for dynamically analysing and classifying ransomware: it monitors a set of actions performed by applications in their first phases of installation and checks for characteristic signs of ransomware. Our approach works without requiring that an entire ransomware family be available beforehand. Full details are in the paper “Automated Analysis of Ransomware: Benefits, Limitations, and use for Detection”.

We have also analysed existing ransomware decoy strategies and their effectiveness in countering current ransomware by defining a set of metrics to measure their robustness. Further information can be found in the paper “On Deception-Based Protection Against Cryptographic Ransomware”.