Identification of Ransomware families by Analyzing Network Traffic Using Machine Learning Techniques

Almousa, May; Osawere, Janet; Anwar, Mohd

doi:10.1109/transai51903.2021.00012

Cited by 8 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of reference [214] introduce REDFISH, a system to detect ransomware actions through monitoring network traffic for shared network data volumes. Further works in a similar vein can be found in references [215][216][217], where either generic traffic features (communication duration, protocol, IP addresses, etc.) or specific TCP-related features are considered by using ML algorithms like RF, SVM, DT (Decision Tree) and LR (Logistic Regression).…”

Section: Data Sourcementioning

confidence: 97%

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández,

García Teodoro,

Magán Carrión

et al. 2023

Electronics

View full text Add to dashboard Cite

According to the premise that the first step to try to solve a problem is to deepen our knowledge of it as much as possible, this work is mainly aimed at diving into and understanding crypto-ransomware, a very present and true-world digital pandemic, from several perspectives. With this aim, this work contributes the following: (a) a review of the fundamentals of this security threat, typologies and families, attack model and involved actors, as well as lifecycle stages; (b) an analysis of the evolution of ransomware in the past years, and the main milestones regarding the development of new variants and real cases that have occurred; (c) a study of the most relevant and current proposals that have appeared to fight against this scourge, as organized in the usual defence lines (prevention, detection, response and recovery); and (d) a discussion of the current trends in ransomware infection and development as well as the main challenges that necessarily need to be dealt with to reduce the impact of crypto-ransomware. All of this will help to better understand the situation and, based on this, will help to develop more adequate defence procedures and effective solutions and tools to defeat attacks.

show abstract

Section: Data Sourcementioning

confidence: 97%

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández,

García Teodoro,

Magán Carrión

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…Machine learning techniques have been extensively applied to the problem of ransomware detection, demonstrating significant promise across various domains. Decision trees provided a straightforward yet powerful means of classifying ransomware activities based on distinct features, which helped in isolating anomalous patterns indicative of ransomware attacks [1], [2]. Neural networks, with their deep learning capabilities, allowed for the modeling of complex relationships within large datasets, significantly enhancing the ability to detect subtle ransomware signatures that traditional methods might overlook [3], [4].…”

Section: A Machine Learning Approachesmentioning

confidence: 99%

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Koike,

Tanaka,

Maeda

2024

Preprint

View full text Add to dashboard Cite

Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to data security and organizational operations worldwide. Leveraging a federated learning-based approach, this research presents a novel and significant advancement in ransomware detection by utilizing network and file system indicators of compromise while ensuring data privacy. The methodology involves the decentralized training of machine learning models across multiple clients, which enhances the model's robustness and adaptability to various ransomware attack scenarios. Extensive experiments and evaluations demonstrate the high accuracy, precision, recall, and F1-scores achieved by the proposed model, showcasing its effectiveness in real-world applications. The innovative combination of preprocessing, feature engineering, and sophisticated machine learning techniques within a federated learning framework results in a scalable and privacy-preserving solution capable of addressing the dynamic and evolving landscape of ransomware threats. This study contributes valuable insights into the development of effective ransomware detection systems, emphasizing the importance of collaborative and decentralized learning techniques in enhancing cybersecurity defenses.

show abstract

“…These encryption-based ransomware types initially posed a substantial threat; however, their impact gradually waned as organizations strengthened their backup and recovery strategies, thereby diminishing the leverage these ransomware variants held [6]. This development in cybersecurity prompted the rise of more advanced ransomware variants like Locky and Cerber, which not only employed more sophisticated encryption algorithms but also integrated evasion tactics to circumvent traditional cybersecurity measures [3,7]. Yet, as cyber defenses continued to advance, particularly with the enhancement of backup and recovery solutions, the potency of ransomware relying solely on encryption began to decline [8,9].…”

Section: Ransomware Evolution and Trendsmentioning

confidence: 99%

“…This approach to cyber extortion gained widespread attention through infamous instances like Petya and WannaCry [6]. However, more recent trends have indicated a notable shift in the tactics employed by ransomware perpetrators [3,7]. Contemporary ransomware groups, moving beyond the sole reliance on file encryption, are progressively focusing on data exfiltration [8,9].…”

Section: Introductionmentioning

confidence: 99%

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

This research looks into the evolving dynamics of ransomware, shifting from conventional encryption-based attacks to sophisticated data exfiltration strategies. Employing the Bidirectional Encoder Representations from Transformers (BERT) model, the study analyzes network traffic patterns to detect ransomware activities, offering new insights into their covert operations. The findings emphasize the need for advanced AI tools in cybersecurity, highlighting the significance of adapting and innovating defense strategies to counter the changing landscape of ransomware threats. The study contributes to a deeper understanding of ransomware evolution and underscores the importance of integrating AI in cybersecurity practices.

show abstract

Identification of Ransomware families by Analyzing Network Traffic Using Machine Learning Techniques

Cited by 8 publications

References 20 publications

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Contact Info

Product

Resources

About