Thesis in progress: AI Enhanced EDR Systems
Abstract
Ransomware has been growing and evolving at a frightening pace that most companies cannot keep up with. Industry standards are falling behind the technologies currently being leveraged by ransomware groups, and ransomware has grown more frequent and more profitable every year. Data from the Office of the Director of National Intelligence shows that the number of ransomware attacks worldwide grew from 2,593 in 2022 to 5,289 in 2024, more than doubling. Typical endpoint detection and response (EDR) is quickly becoming ineffective in the face of modern cyber-attacks, especially as the number of endpoints grows due to the rise of Internet of Things (IoT) technologies and remote work. Current detection software simply cannot keep up with the demand created by all these devices, particularly in larger organizations. The rate of false positives when using traditional EDR is also incredibly time-consuming and disruptive to the system. One solution to this growing problem is to create an AI- or ML-integrated EDR system that could sort through data incredibly quickly. This would allow for faster and more automated responses. AI that could look for the signs of ransomware, trained on data of common attack vectors, could be much more effective at finding and preventing ransomware attacks while also being more cost-effective in terms of overhead and equipment. Figuring out whether these systems could be the answer to the problem of ransomware is an important pursuit. The research questions that stem from this are as follows: 1. What is the effect of AI-driven EDR on the effectiveness of ransomware mitigation and response? 2. What techniques are most effectively paired with AI-enhanced EDR systems?
Start Time
15-4-2026 9:00 AM
End Time
15-4-2026 10:00 AM
Room Number
272
Presentation Type
Oral Presentation
Presentation Subtype
Research-in-Progress
Presentation Category
Science, Technology, and Engineering
Faculty Mentor
Lehrfeld Michael