Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis

2018 3rd International Conference on Computer and Communication Systems (ICCCS) Pub Date : 2018-04-27 DOI:10.1109/CCOMS.2018.8463300

Yu-Lun Wan, Jen-Chun Chang, Rong-Jaye Chen, Shiuh-Jeng Wang

{"title":"Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis","authors":"Yu-Lun Wan, Jen-Chun Chang, Rong-Jaye Chen, Shiuh-Jeng Wang","doi":"10.1109/CCOMS.2018.8463300","DOIUrl":null,"url":null,"abstract":"Ransomwares are continuously produced in underground markets such that increasingly high-level and sophisticated ransomwares are spreading all over the world, significantly affecting individuals, businesses, governments, and countries. To prevent large-scale attacks, most companies buy intrusion detection systems to alert regarding any abnormal network behavior. However, they cannot be detected using conventional signature-based detection even though ransomwares belong to the same family. In this study, a method is provided to develop a network intrusion detection model that is based on big data technology. The system uses Argus for packet preprocessing, merging, and labeling the known malicious data. A concept of Biflow was proposed to replace the packet data. Further, we observe that the data size is reduced to 1000: 1. Additionally, the characteristics of a complete traffic are obtained. Six feature selection algorithms were combined to achieve a better accuracy in terms of classification. Finally, the decision tree model of the supervised machine learning was used to enhance the performance of intrusion detection system.","PeriodicalId":405664,"journal":{"name":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCOMS.2018.8463300","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

Ransomwares are continuously produced in underground markets such that increasingly high-level and sophisticated ransomwares are spreading all over the world, significantly affecting individuals, businesses, governments, and countries. To prevent large-scale attacks, most companies buy intrusion detection systems to alert regarding any abnormal network behavior. However, they cannot be detected using conventional signature-based detection even though ransomwares belong to the same family. In this study, a method is provided to develop a network intrusion detection model that is based on big data technology. The system uses Argus for packet preprocessing, merging, and labeling the known malicious data. A concept of Biflow was proposed to replace the packet data. Further, we observe that the data size is reduced to 1000: 1. Additionally, the characteristics of a complete traffic are obtained. Six feature selection algorithms were combined to achieve a better accuracy in terms of classification. Finally, the decision tree model of the supervised machine learning was used to enhance the performance of intrusion detection system.

查看原文本刊更多论文

基于特征选择的勒索软件检测与数据分析的机器学习

勒索软件在地下市场不断生产，越来越高水平和复杂的勒索软件在世界各地传播，严重影响个人，企业，政府和国家。为了防止大规模攻击，大多数公司都购买入侵检测系统，以便对任何异常的网络行为发出警报。然而，使用传统的基于签名的检测方法无法检测到它们，即使勒索软件属于同一家族。本研究提供了一种基于大数据技术的网络入侵检测模型的开发方法。该系统使用Argus对数据包进行预处理、合并和标记已知的恶意数据。提出了用bilow来代替包数据的概念。此外，我们观察到数据大小减少到1000:1。此外，还获得了一个完整流量的特征。结合六种特征选择算法，在分类方面获得了更好的准确率。最后，利用监督机器学习中的决策树模型来提高入侵检测系统的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 3rd International Conference on Computer and Communication Systems (ICCCS)

自引率

0.00%

发文量