Defend Against Ransomware Detection Using Intrusion Detection System (IDS)

Ransomware is currently one of the most impactful forms of cyber-attacks available. One of the greatest challenges posed by ransom ware is the extremely large number and diversity of ransom ware families, and the fact that new ransom ware variants are being released by cybercriminals on a regular basis. In this paper, studied different ransom ware families, and identified several distinctive characteristics and attributes that could be used in early detection of ransom ware based on network traffic analysis. Intrusion Detection System (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information system through malicious activities or through security policy violations. Institution network is a complex infrastructure consisting of multiple virtual local area networks "VLANs" separating the different departments, laboratories and facilities according to their functions. Institution Network border consists of a firewall which oversees the ingoing and outgoing traffic and also has a manual monitoring system which logs intrusion attempts. To perform any action against an intrusion the administrator has to perform any action manually. The aim of this paper is to provide an intrusion detection system to be deployed on the Institution Network infrastructure. The IDS will be in the form of an Agent which is located on the network's border acting as the second line of defense behind the firewall, the agent will analyze network traffic by comparing the behavior with a database containing certain measures hence classifying the user.