Leveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection

Ransomware has become a significant global threat with the ransomware-as-a-service model enabling easy availability and deployment, and the potential for high revenues creating a viable criminal business model. Individuals, private companies or public service providers e.g. healthcare or utilities c...

Full description

Saved in:
Bibliographic Details
Published inAdvances in information security pp. 93 - 106
Main Authors Alhawi, Omar M. K., Baldwin, James, Dehghantanha, Ali
Format Book Chapter
LanguageEnglish
Published Cham Springer International Publishing 24.04.2018
SeriesAdvances in Information Security
Subjects
Intrusion detection
Machine learning
Malware detection
Network traffic
Ransomware
Online AccessGet full text
ISBN3319739506
9783319739502
ISSN1568-2633
2512-2193
DOI10.1007/978-3-319-73951-9_5

Cover

More Information
Summary:Ransomware has become a significant global threat with the ransomware-as-a-service model enabling easy availability and deployment, and the potential for high revenues creating a viable criminal business model. Individuals, private companies or public service providers e.g. healthcare or utilities companies can all become victims of ransomware attacks and consequently suffer severe disruption and financial loss. Although machine learning algorithms are already being used to detect ransomware, variants are being developed to specifically evade detection when using dynamic machine learning techniques. In this paper we introduce NetConverse, a machine learning evaluation study for consistent detection of Windows ransomware network traffic. Using a dataset created from conversation-based network traffic features we achieved a True Positive Rate (TPR) of 97.1% using the Decision Tree (J48) classifier.
ISBN:3319739506
9783319739502
ISSN:1568-2633
2512-2193
DOI:10.1007/978-3-319-73951-9_5