Ransomware Detection based on Network Behavior using Machine Learning and Hidden Markov Model with Gaussian Emission

Abstract

Ransomware poses a deadly threat to any device system and organization. Several studies and techniques are proposed in response to a dire need for a solution to detect ransomware in the early stages. We propose an approach to detect ransom ware based on network traffic behavior and validate the result using Hidden Markov Model with Gaussian Emission (GMM-HMM). Our methodology captures the network traffic, models a system's network state, and uses machine learning algorithms to predict if a state is benign or malicious. Our approach proves to be efficient with less false positive rate. We use the ISOT Ransomware dataset to train ML algorithms and GMM-HMM. In our work, we achieve an accuracy of 99.9% and 96.8% using decision tree and GMM-HMM, respectively. We use three different scenarios to test the robustness of the proposed framework with unseen data. The final state classification is achieved using the classification percentage of GMM-HMM.