An Empirical Comparison of Supervised Algorithms for Ransomware Identification on Network Traffic
Android mobile systems are currently the main target of malware attacks. In this sense, machine learning is a suitable approach to analyze network traffic, and it generally achieves good results in the identification and detection of malware. However, an underlying problem is creating a dataset with...
Saved in:
| Published in | 2020 39th International Conference of the Chilean Computer Science Society (SCCC) pp. 1 - 7 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
16.11.2020
|
| Subjects | |
| Online Access | Get full text |
| DOI | 10.1109/SCCC51225.2020.9281283 |
Cover
| Abstract | Android mobile systems are currently the main target of malware attacks. In this sense, machine learning is a suitable approach to analyze network traffic, and it generally achieves good results in the identification and detection of malware. However, an underlying problem is creating a dataset with network characteristics that accurately reflect the malwareś behavior. Characterizing adequately the dataset is a relevant process to identify malware with high precision when using traditional machine learning algorithms. This paper compares empirically three supervised machine learning algorithms, in order to identify ransomware traffic based on Android mobile network traffic features. We consider 9 features related to time properties of flows and bidirectional packets in 10 families of ransomware and different benign application Android network traffic. Empirical results show that Random Forest (RF) achieved a 96% accuracy in classifying ransomware, higher than Decision Tree (DT) and K-Nearest Neighbor (KNN) approaches. We conclude that the selected features allow us to identify ransomware traffic and differentiate it from the traffic of benign applications. |
|---|---|
| AbstractList | Android mobile systems are currently the main target of malware attacks. In this sense, machine learning is a suitable approach to analyze network traffic, and it generally achieves good results in the identification and detection of malware. However, an underlying problem is creating a dataset with network characteristics that accurately reflect the malwareś behavior. Characterizing adequately the dataset is a relevant process to identify malware with high precision when using traditional machine learning algorithms. This paper compares empirically three supervised machine learning algorithms, in order to identify ransomware traffic based on Android mobile network traffic features. We consider 9 features related to time properties of flows and bidirectional packets in 10 families of ransomware and different benign application Android network traffic. Empirical results show that Random Forest (RF) achieved a 96% accuracy in classifying ransomware, higher than Decision Tree (DT) and K-Nearest Neighbor (KNN) approaches. We conclude that the selected features allow us to identify ransomware traffic and differentiate it from the traffic of benign applications. |
| Author | Meneses, Claudio Leger, Paul Manzano, Carlos |
| Author_xml | – sequence: 1 givenname: Carlos surname: Manzano fullname: Manzano, Carlos email: cmanzano@ucn.cl organization: Universidad Católica del Norte,Escuela de Ingeniería,Coquimbo,Chile – sequence: 2 givenname: Claudio surname: Meneses fullname: Meneses, Claudio email: cmeneses@ucn.cl organization: Universidad Católica del Norte,Dpto. Ing. de Sistemas y Computación,Antofagasta,Chile – sequence: 3 givenname: Paul surname: Leger fullname: Leger, Paul email: pleger@ucn.cl organization: Universidad Católica del Norte,Escuela de Ingeniería,Coquimbo,Chile |
| BookMark | eNotj91KwzAcxSPohc49gSB5gdZ8LE1yWcLUwVBw83r82yYabJOSVIdvb4e7Opxz-B04N-gyxGARuqekpJToh50xRlDGRMkII6VmijLFL9BSS0Xl7BRnil0jqANeD6NPvoUemziMkHyOAUeHd9-jTT8-2w7X_UdMfvocMnYx4TcIOQ5HSBZvOhsm72Z88ics4Bc7HWP6wvsEbs5v0ZWDPtvlWRfo_XG9N8_F9vVpY-pt4SnnU0G1g6aqnGwbJxntukqAWzVcCekUb0E2SknSCaXbuV-5llZEUs0EFwCcCL5Ad_-73lp7GJMfIP0ezsf5H-KmU_k |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/SCCC51225.2020.9281283 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9781728183282 1728183286 |
| EndPage | 7 |
| ExternalDocumentID | 9281283 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i133t-19fab66f7cbf721dd65af4b3857f83ca7b8870d589cf724fc1607192535aa3053 |
| IEDL.DBID | RIE |
| IngestDate | Thu Jun 29 18:38:27 EDT 2023 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i133t-19fab66f7cbf721dd65af4b3857f83ca7b8870d589cf724fc1607192535aa3053 |
| PageCount | 7 |
| ParticipantIDs | ieee_primary_9281283 |
| PublicationCentury | 2000 |
| PublicationDate | 2020-Nov.-16 |
| PublicationDateYYYYMMDD | 2020-11-16 |
| PublicationDate_xml | – month: 11 year: 2020 text: 2020-Nov.-16 day: 16 |
| PublicationDecade | 2020 |
| PublicationTitle | 2020 39th International Conference of the Chilean Computer Science Society (SCCC) |
| PublicationTitleAbbrev | SCCC |
| PublicationYear | 2020 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 2.1724486 |
| Snippet | Android mobile systems are currently the main target of malware attacks. In this sense, machine learning is a suitable approach to analyze network traffic, and... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Android Features Selection Machine Learning Ransomware Traffic Identification |
| Title | An Empirical Comparison of Supervised Algorithms for Ransomware Identification on Network Traffic |
| URI | https://ieeexplore.ieee.org/document/9281283 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFA7bTp5UNvHHlBw8mq6_kjbHUTaGsCHOwW4jaRIdunZsLYJ_vS9tnSgehB5CE0hI4H3vJe_7HkK3visAhRkjJk45CY2WRAQ6JoxybpSxEGIJztMZmyzC-yVdttDdgQujta6Sz7Rjm9VbvsrT0l6VDbgPcBQHbdSOIl5ztRrSr-fywTxJEoAvn0LU57tOM_hH1ZQKNMbHaPo1XZ0r8uqUhXTSj19KjP9dzwnqfdPz8MMBeE5RS2ddJIYZHm2260ryAyeH8oI4N3hebq1J2GuFh2_P-W5dvGz2GNxV_AhIlW_exU7jmrJrmjs8DN-sThHHgGdWaKKHFuPRUzIhTf0EsobIsyAeN0IyZqJUGgj0lGJUmFAGMY1MHKQikmBhXEVjnkJ_aNJKbI77NKBCgB0IzlAnyzN9jjCzasbgDEnNdUgjX4IfxYQSkntShVpcoK7dntW2lshYNTtz-ffvK3Rkj8hS-jzWR51iV-prwPZC3lSH-gmmsKb8 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFA5zHvSksom_zcGj7foraXMcZWPqNsRtsNtImkSHrh1bh-Bf70tbJ4oHoYfQBBISeN97yfu-h9CN53BAYUotHSXMCrQSFvdVZFHCmJbaQIghOA-GtDcJ7qdkWkO3Wy6MUqpIPlO2aRZv-TJLNuaqrMU8gKPI30G7BKKKsGRrVbRf12GtURzHAGAegbjPc-xq-I-6KQVsdA_Q4GvCMlvk1d7kwk4-fmkx_ndFh6j5TdDDj1voOUI1lTYQb6e4s1jOC9EPHG8LDOJM49FmaYzCWkncfnvOVvP8ZbHG4LDiJ8CqbPHOVwqXpF1d3eJh-IZlkjgGRDNSE0006XbGcc-qKihYc4g9c8tlmgtKdZgIDaGelJRwHQg_IqGO_ISHAmyMI0nEEugPdFLIzTGP-IRzsAT-MaqnWapOEKZGzxjcIaGYCkjoCfCkKJdcMFfIQPFT1DDbM1uWIhmzamfO_v59jfZ640F_1r8bPpyjfXNchuDn0gtUz1cbdQlIn4ur4oA_AZncqk0 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2020+39th+International+Conference+of+the+Chilean+Computer+Science+Society+%28SCCC%29&rft.atitle=An+Empirical+Comparison+of+Supervised+Algorithms+for+Ransomware+Identification+on+Network+Traffic&rft.au=Manzano%2C+Carlos&rft.au=Meneses%2C+Claudio&rft.au=Leger%2C+Paul&rft.date=2020-11-16&rft.pub=IEEE&rft.spage=1&rft.epage=7&rft_id=info:doi/10.1109%2FSCCC51225.2020.9281283&rft.externalDocID=9281283 |