OMK Alhawi
Leveraging machine learning techniques for Windows ransomware network traffic detection
Alhawi, OMK; Baldwin, J; Dehghantanha, A
Authors
J Baldwin
A Dehghantanha
Contributors
A Dehghantanha A.Dehghantanha@salford.ac.uk
Editor
M Conti
Editor
T Dargahi T.Dargahi@salford.ac.uk
Editor
Abstract
Ransomware has become a significant global threat with the ransomware-as-a-service model enabling easy availability and deployment, and the potential for high revenues creating a viable criminal business model. Individuals, private companies or public service providers e.g. healthcare or utilities companies can all become victims of ransomware attacks and consequently suffer severe disruption and financial loss. Although machine learning algorithms are already being used to detect ransomware, variants are being developed to specifically evade detection when using dynamic machine learning techniques. In this paper we introduce NetConverse, a machine learning evaluation study for consistent detection of Windows ransomware network traffic. Using a dataset created from conversation-based network traffic features we achieved a True Positive Rate (TPR) of 97.1% using the Decision Tree (J48) classifier.
Citation
Alhawi, O., Baldwin, J., & Dehghantanha, A. (2018). Leveraging machine learning techniques for Windows ransomware network traffic detection. In A. Dehghantanha, M. Conti, & T. Dargahi (Eds.), Cyber Threat Intelligence (93-106). Springer. https://doi.org/10.1007/978-3-319-73951-9_5
| Online Publication Date | Apr 24, 2018 |
|---|---|
| Publication Date | Apr 24, 2018 |
| Deposit Date | Sep 27, 2018 |
| Publisher | Springer |
| Pages | 93-106 |
| Book Title | Cyber Threat Intelligence |
| ISBN | 9783319739502 |
| DOI | https://doi.org/10.1007/978-3-319-73951-9_5 |
| Publisher URL | https://doi.org/10.1007/978-3-319-73951-9_5 |
| Related Public URLs | https://link.springer.com/book/10.1007/978-3-319-73951-9#toc |