Ransomware Traffic Classification Using Deep Learning Models: Ransomware Traffic Classification

Ransomware Traffic Classification Using Deep Learning Models: Ransomware Traffic Classification

Arivudainambi D. (Anna University, Tamil Nadu, India), Varun Kumar K.A. (Anna University, Tamil Nadu, India), Vinoth Kumar R. (Vel Tech Rangarajan Dr. Sagunthala R&D Institute of Science and Technology, Chennai, India) and Visu P. (Velammal College of Engineering, Chennai, India)
Copyright: © 2020 |Pages: 11
DOI: 10.4018/IJWP.2020010101
OnDemand PDF Download:
No Current Special Offers


Ransomware is a malware which affects the systems data with modern encryption techniques, and the data is recovered once a ransom amount is paid. In this research, the authors show how ransomware propagates and infects devices. Live traffic classifications of ransomware have been meticulously analyzed. Further, a novel method for the classification of ransomware traffic by using deep learning methods is presented. Based on classification, the detection of ransomware is approached with the characteristics of the network traffic and its communications. In more detail, the behavior of popular ransomware, Crypto Wall, is analyzed and based on this knowledge, a real-time ransomware live traffic classification model is proposed.
Article Preview

Literature Review

Ezhilchelvan and Mitrani Paul (2017) presented a ransomware detection model by observing different kinds of ransomware families over the 2 years and evaluate the growth and impact of ransomware in IOT environment. The presented detection model is for crypto locker ransomware which the model monitors the incoming TCP/IP packets through server then seize the packet header and used command and control server which blacklisted the detected ransomware attacks. Sajad et al. (2017) described the threat detection model by collecting the sample logs for different ransomware families. By using the maximal frequent pattern method, they mine the entire log files by different classification method and extract instances of ransomware that achieved a 95% result for detecting ransomware samples. It also helps for practicality that pattern mining is useful in the detection of ransomware families and construction a threat detection model for given ransomware families.

Vinayakumar, Soman, Velany, and Ganorkar (2017) presented a ransomware classification technique by using a Multi-Layer Perceptron classifier. It characterizes and differentiates benign and ransomware families which attains an accuracy of 1.0 for detecting the ransomware and 0.98% over the categories obtained. It suggested MLP is far better than standard classifiers for dealing with ransomware. Karimi and Moattar (2017) used an LDA has two-phase and presented an optimal approach for identifying ransomware. In the first phase, the extraction of features is done through LDA and In the second phase training process is done with LDA for prediction. The 97% of accuracy is obtained through this method which outperforms all other techniques. Yalew, Maguire, Haridi, and Correia (2017) designed a ransomdroid secure backup system for Android mobile devices. It gives security from malware which it takes backup of every system files and stored in a backup of the full system from whatever updated backup. The prototype is tested for performance evaluation in IMx3 development board.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 14: 2 Issues (2022): 1 Released, 1 Forthcoming
Volume 13: 2 Issues (2021)
Volume 12: 2 Issues (2020)
Volume 11: 2 Issues (2019)
Volume 10: 2 Issues (2018)
Volume 9: 2 Issues (2017)
Volume 8: 1 Issue (2016)
Volume 7: 2 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing