Title | Identification of Ransomware families by Analyzing Network Traffic Using Machine Learning Techniques |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Almousa, May; Osawere, Janet; Anwar, Mohd |
Conference Name | 2021 Third International Conference on Transdisciplinary AI (TransAI) |
Date Published | Sep |
Keywords | Classification algorithms, composability, Computer hacking, feature extraction, machine learning, machine learning algorithms, Metrics, network traffic, Protocols, pubcrawl, ransomware, ransomware attacks, ransomware families, Resiliency, telecommunication traffic |
Abstract | The number of prominent ransomware attacks has increased recently. In this research, we detect ransomware by analyzing network traffic by using machine learning algorithms and comparing their detection performances. We have developed multi-class classification models to detect families of ransomware by using the selected network traffic features, which focus on the Transmission Control Protocol (TCP). Our experiment showed that decision trees performed best for classifying ransomware families with 99.83% accuracy, which is slightly better than the random forest algorithm with 99.61% accuracy. The experimental result without feature selection classified six ransomware families with high accuracy. On the other hand, classifiers with feature selection gave nearly the same result as those without feature selection. However, using feature selection gives the advantage of lower memory usage and reduced processing time, thereby increasing speed. We discovered the following ten important features for detecting ransomware: time delta, frame length, IP length, IP destination, IP source, TCP length, TCP sequence, TCP next sequence, TCP header length, and TCP initial round trip. |
DOI | 10.1109/TransAI51903.2021.00012 |
Citation Key | almousa_identification_2021 |