
Ransomware Detection Technique by using Network Packet Analysis and Machine Learning

Wen-Tsung Tsai,
Shao-Ru Lin,
Te-Min Liu,
Chao-Lung Chou,

Abstract

In recent years, information security incidents in which enterprises and government agencies are attacked by ransomware have appeared in the news with increasing frequency. Attackers penetrate users' computers through social engineering or other covert methods and encrypt their files with ransomware. If the victim is eager to restore the files, to avoid stalling the organization's operations and harming personal interests, the ransom may be paid in the manner specified by the attacker. To reduce the damage, gaining response time is the primary goal when under such an attack. Therefore, a real-time dynamic analysis method is required to detect ransomware attacks.
Because ransomware attacks behave abnormally in the network environment, this research proposes two indicators, the ransom file (RF) and abnormal packets (AP), to detect whether computers are under ransomware attack, and uses machine learning algorithms such as decision tree, sequential minimal optimization (SMO) and simple logistic regression to classify different ransomware families according to the two indicators. After 600 rounds of experiments, the results show an average classification accuracy of 99.25%, indicating that the proposed method can effectively detect and classify ransomware.


Citation Format:
Wen-Tsung Tsai, Shao-Ru Lin, Te-Min Liu, Chao-Lung Chou, "Ransomware Detection Technique by using Network Packet Analysis and Machine Learning," Communications of the CCISA, vol. 28, no. 4, pp. 36-57, Nov. 2022.

Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office, No.1, Sec. 1, Shennong Rd., Yilan City, Yilan County 260, Taiwan (R.O.C.)
E-mail: ccisa.editor@gmail.com