Detecting and Classifying Ransomware Using Network Packet Analysis and Machine Learning

Cited by: 0
Authors
Lai, Tai-hung [1]
Tsai, Wen-tsung [1]
Lin, Shao-ru [2]
Liu, Te-min [3]
Chou, Chao-lung [4]
Affiliations
[1] Natl Def Univ, Chung Cheng Inst Technol, Dept Comp Sci & Informat Engn, Taoyuan 335, Taiwan
[2] Natl Chung Shan Inst Sci & Technol, Taoyuan 325, Taiwan
[3] Network Traff Packets Anal Assoc, Taipei 106, Taiwan
[4] Feng Chia Univ, Dept Informat Engn & Comp Sci, Taichung 407, Taiwan
Keywords
abnormal behaviors; ransomware; packet analysis; machine learning; WannaCry;
DOI
10.6688/JISE.202411_40(6).0001
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
This study examines the abnormal behaviors exhibited by ransomware attacks in network environments. We proposed two features based on the number of network packets containing ransomware-associated files and the instances of access being denied to shared files, to detect whether computers within the same local area network are under attack from ransomware. The two features are further trained by various machine learning algorithms, such as decision trees, sequential minimal optimization, and simple logistic regression, to classify different types of ransomware. The experiment employs three well-known ransomware families: WannaCry, Conti, and Maze. After 600 experiments, the results show that the average classification accuracy rate exceeds 99.25%, proving the effectiveness of the proposed method in detecting and classifying ransomware.
Pages: 1161-1172
Page count: 12