Leveraging machine learning techniques for Windows ransomware network traffic detection

Alhawi, OMK, Baldwin, J and Dehghantanha, A ORCID: https://orcid.org/0000-0002-9294-7554 2018, 'Leveraging machine learning techniques for Windows ransomware network traffic detection' , in: Cyber Threat Intelligence , Springer, pp. 93-106.

Full text not available from this repository. (Request a copy)

Abstract

Ransomware has become a significant global threat with the ransomware-as-a-service model enabling easy availability and deployment, and the potential for high revenues creating a viable criminal business model. Individuals, private companies or public service providers e.g. healthcare or utilities companies can all become victims of ransomware attacks and consequently suffer severe disruption and financial loss. Although machine learning algorithms are already being used to detect ransomware, variants are being developed to specifically evade detection when using dynamic machine learning techniques. In this paper we introduce NetConverse, a machine learning evaluation study for consistent detection of Windows ransomware network traffic. Using a dataset created from conversation-based network traffic features we achieved a True Positive Rate (TPR) of 97.1% using the Decision Tree (J48) classifier.

Item Type: Book Section
Editors: Dehghantanha, A, Conti, M and Dargahi, T
Schools: Schools > School of Computing, Science and Engineering
Publisher: Springer
ISBN: 9783319739502
Related URLs:
Depositing User: USIR Admin
Date Deposited: 27 Sep 2018 15:19
Last Modified: 27 Sep 2018 15:19
URI: http://usir.salford.ac.uk/id/eprint/48514

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)