Detecting and Classifying Ransomware Using Network Packet Analysis and Machine Learning

Cited by: 0
Authors
Lai, Tai-hung [1]
Tsai, Wen-tsung [1]
Lin, Shao-ru [2]
Liu, Te-min [3]
Chou, Chao-lung [4]
Affiliations
[1] Natl Def Univ, Chung Cheng Inst Technol, Dept Comp Sci & Informat Engn, Taoyuan 335, Taiwan
[2] Natl Chung Shan Inst Sci & Technol, Taoyuan 325, Taiwan
[3] Network Traff Packets Anal Assoc, Taipei 106, Taiwan
[4] Feng Chia Univ, Dept Informat Engn & Comp Sci, Taichung 407, Taiwan
Keywords
abnormal behaviors; ransomware; packet analysis; machine learning; WannaCry
DOI
10.6688/JISE.202411_40(6).0001
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
This study examines the abnormal behaviors exhibited by ransomware attacks in network environments. We propose two features, based on the number of network packets containing ransomware-associated files and the number of instances of access being denied to shared files, to detect whether computers within the same local area network are under attack from ransomware. The two features are then used to train various machine learning algorithms, such as decision trees, sequential minimal optimization, and simple logistic regression, to classify different types of ransomware. The experiment employs three well-known ransomware families: WannaCry, Conti, and Maze. After 600 experiments, the results show that the average classification accuracy rate exceeds 99.25%, proving the effectiveness of the proposed method in detecting and classifying ransomware.
Pages: 1161-1172
Number of pages: 12