Ransomware Traffic Classification Using Deep Learning Models: Ransomware Traffic Classification

Literature Review

Ezhilchelvan and Mitrani Paul (2017) presented a ransomware detection model by observing different kinds of ransomware families over the 2 years and evaluate the growth and impact of ransomware in IOT environment. The presented detection model is for crypto locker ransomware which the model monitors the incoming TCP/IP packets through server then seize the packet header and used command and control server which blacklisted the detected ransomware attacks. Sajad et al. (2017) described the threat detection model by collecting the sample logs for different ransomware families. By using the maximal frequent pattern method, they mine the entire log files by different classification method and extract instances of ransomware that achieved a 95% result for detecting ransomware samples. It also helps for practicality that pattern mining is useful in the detection of ransomware families and construction a threat detection model for given ransomware families.

Vinayakumar, Soman, Velany, and Ganorkar (2017) presented a ransomware classification technique by using a Multi-Layer Perceptron classifier. It characterizes and differentiates benign and ransomware families which attains an accuracy of 1.0 for detecting the ransomware and 0.98% over the categories obtained. It suggested MLP is far better than standard classifiers for dealing with ransomware. Karimi and Moattar (2017) used an LDA has two-phase and presented an optimal approach for identifying ransomware. In the first phase, the extraction of features is done through LDA and In the second phase training process is done with LDA for prediction. The 97% of accuracy is obtained through this method which outperforms all other techniques. Yalew, Maguire, Haridi, and Correia (2017) designed a ransomdroid secure backup system for Android mobile devices. It gives security from malware which it takes backup of every system files and stored in a backup of the full system from whatever updated backup. The prototype is tested for performance evaluation in IMx3 development board.