Nezamisafa/Ransomware-Detection-by-Network-Traffic-Analysis

Today, the high volume of Android mobile phone use around the world has increased the amount of malware-infected software in the Android market. The most dangerous of this malware is ransomware, which is increasing due to the development of cryptocurrencies. Various studies have been conducted in the field of ransomware detection; one of the defense methods is identifying ransomware through network traffic. Few studies have been conducted in this area, and they often do not achieve an optimal accuracy rate because they use datasets captured in simulated and unrealistic environments. In this study, the standard dataset of UNB University of Canada, which has 10 families of ransomware, is selected, and its 84 primary features are then tested in two stages using the MI and ANOVA feature selection algorithms. As a result, 10 different features have been obtained for each algorithm without reducing the accuracy rate of detection. Then, using the two sets of obtained features, the best classification result is sought among the decision tree, random forest and XGBoost algorithms. The findings of this study show an average accuracy of 78.5% in ransomware identification using the XGBoost classification algorithm and MI feature selection. The results of this study can be used to improve ransomware detection methods in all native security equipment such as IDS, IPS, SIEM and SOC.
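The two feature-scoring steps named above, MI (mutual information) and ANOVA, written out in plain Python as an added example; it is not code from this repository. The flow records, the five feature names and the choice of 3 of 5 features (standing in for 10 of 84) are constructed for illustration, and the equal-width binning used for MI is an assumption.

```python
import math
import random
from collections import Counter

def anova_f(values, labels):
    """One-way ANOVA F-statistic of one feature across the class labels."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(v)
    n, k = len(values), len(groups)
    grand = sum(values) / n
    means = {y: sum(g) / len(g) for y, g in groups.items()}
    between = sum(len(g) * (means[y] - grand) ** 2 for y, g in groups.items())
    within = sum((v - means[y]) ** 2 for y, g in groups.items() for v in g)
    if k < 2 or n <= k:
        return 0.0  # F is undefined without two classes and spare samples
    if within == 0:
        return math.inf if between > 0 else 0.0
    return (between / (k - 1)) / (within / (n - k))

def mutual_info(values, labels, bins=8):
    """Mutual information (nats) between an equal-width-binned feature and the label."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0  # constant feature: everything lands in bin 0
    binned = [min(int((v - lo) / width), bins - 1) for v in values]
    n = len(values)
    pxy, px, py = Counter(zip(binned, labels)), Counter(binned), Counter(labels)
    return sum(c / n * math.log(c * n / (px[x] * py[y])) for (x, y), c in pxy.items())

def select_top_k(rows, labels, names, score, k):
    """Rank feature columns by score(column, labels) and keep the k best names."""
    scores = {nm: score(list(col), labels) for nm, col in zip(names, zip(*rows))}
    return sorted(scores, key=scores.get, reverse=True)[:k]

def make_sample(n=400, seed=7):
    """Constructed flow records; label 1 = ransomware, 0 = benign. Names are hypothetical."""
    rng = random.Random(seed)
    names = ["flow_duration", "fwd_pkt_len_mean", "flow_iat_std", "noise_a", "noise_b"]
    rows, labels = [], []
    for _ in range(n):
        y = rng.randint(0, 1)
        rows.append([rng.gauss(5 + 3 * y, 1), rng.gauss(200 + 150 * y, 40),
                     rng.gauss(1 + 0.6 * y, 0.3), rng.gauss(0, 1), rng.uniform(0, 1)])
        labels.append(y)
    return rows, labels, names

if __name__ == "__main__":
    rows, labels, names = make_sample()
    print("ANOVA:", select_top_k(rows, labels, names, anova_f, 3))
    print("MI:   ", select_top_k(rows, labels, names, mutual_info, 3))
```

The reduced feature set returned by either scorer is what would then be passed to the decision tree, random forest or XGBoost classifier.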