Identification of Ransomware Families by Analyzing Network Traffic Using Machine Learning Techniques

May Almousa, Janet Osawere, Mohd Anwar
DOI: 10.1109/TransAI51903.2021.00012 (https://doi.org/10.1109/TransAI51903.2021.00012)
Venue: 2021 Third International Conference on Transdisciplinary AI (TransAI)
Publication date: 2021-09-01
Citation count: 1

Abstract

The number of prominent ransomware attacks has increased recently. In this research, we detect ransomware by analyzing network traffic by using machine learning algorithms and comparing their detection performances. We have developed multi-class classification models to detect families of ransomware by using the selected network traffic features, which focus on the Transmission Control Protocol (TCP). Our experiment showed that decision trees performed best for classifying ransomware families with 99.83% accuracy, which is slightly better than the random forest algorithm with 99.61% accuracy. The experimental result without feature selection classified six ransomware families with high accuracy. On the other hand, classifiers with feature selection gave nearly the same result as those without feature selection. However, using feature selection gives the advantage of lower memory usage and reduced processing time, thereby increasing speed. We discovered the following ten important features for detecting ransomware: time delta, frame length, IP length, IP destination, IP source, TCP length, TCP sequence, TCP next sequence, TCP header length, and TCP initial round trip.
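As an added illustration (not the paper's own code), the following Python extracts the ten features the abstract names from raw Ethernet/IPv4/TCP frames, producing one feature row per frame as input for a classifier like the decision tree the paper evaluates. The sample handshake is constructed inline, and the initial round-trip time is assumed to be measured the way Wireshark's tcp.analysis.initial_rtt is (SYN to the ACK that completes the handshake), since the abstract does not define it.

```python
import socket
import struct

def parse_frame(ts, raw, prev_ts, streams):
    """Return the ten abstract features for one Ethernet/IPv4/TCP frame."""
    ip_src, ip_dst = raw[26:30], raw[30:34]            # IPv4 header starts at byte 14
    ip_len = struct.unpack("!H", raw[16:18])[0]        # IP total length
    ihl = (raw[14] & 0x0F) * 4
    tcp = raw[14 + ihl:]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    hdr_len, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
    payload_len = ip_len - ihl - hdr_len               # Wireshark's tcp.len
    syn, ack = bool(flags & 0x02), bool(flags & 0x10)
    # Per-stream state for initial RTT: assumed here to be SYN -> handshake ACK,
    # which is how Wireshark's tcp.analysis.initial_rtt is measured.
    key = frozenset([(ip_src, sport), (ip_dst, dport)])
    st = streams.setdefault(key, {"syn_ts": None, "irtt": None})
    if syn and not ack:
        st["syn_ts"] = ts
    elif ack and not syn and st["syn_ts"] is not None and st["irtt"] is None:
        st["irtt"] = ts - st["syn_ts"]
    return {
        "time_delta": 0.0 if prev_ts is None else ts - prev_ts,
        "frame_len": len(raw), "ip_len": ip_len,
        "ip_src": socket.inet_ntoa(ip_src), "ip_dst": socket.inet_ntoa(ip_dst),
        "tcp_len": payload_len, "tcp_seq": seq,
        "tcp_nxtseq": seq + payload_len + syn,         # a SYN consumes one sequence number
        "tcp_hdr_len": hdr_len, "tcp_initial_rtt": st["irtt"],
    }

def extract_features(frames):
    """frames: list of (timestamp_seconds, raw_bytes) as a pcap reader yields them."""
    rows, streams, prev_ts = [], {}, None
    for ts, raw in frames:
        rows.append(parse_frame(ts, raw, prev_ts, streams))
        prev_ts = ts
    return rows

def _frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Constructed sample frame: Ethernet + IPv4 (no options) + TCP (no options)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

SAMPLE = [  # constructed handshake plus one data segment; timestamps in seconds
    (0.000, _frame("10.0.0.5", "203.0.113.9", 49152, 443, 1000, 0, 0x02)),        # SYN
    (0.120, _frame("203.0.113.9", "10.0.0.5", 443, 49152, 5000, 1001, 0x12)),     # SYN-ACK
    (0.121, _frame("10.0.0.5", "203.0.113.9", 49152, 443, 1001, 5001, 0x10)),     # ACK
    (0.130, _frame("10.0.0.5", "203.0.113.9", 49152, 443, 1001, 5001, 0x18, b"A" * 64)),
]
```

Each row maps directly onto the abstract's feature list; the IP addresses would still need encoding (e.g. as integers or categories) before being fed to a tree-based classifier.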