Ransomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late as some of the system’s assets would have been already exfiltrated or encrypted by the malware. Conversely, network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features were extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel on different levels: packet and flow levels. Experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, low false positive rate, valid extracted features, and is highly effective in tracking ransomware network activities.