Today, the high volume of Android mobile phone use around the world has increased the amount of malware-infected software in the Android market. The most dangerous of this malware is ransomware, which is increasing due to the development of cryptocurrencies. Various studies have been conducted in the field of ransomware detection; one of the defense methods is identifying ransomware through its network traffic. Few studies have been conducted in this area, and they often do not reach an optimal accuracy rate because they use data sets recorded in simulated and unrealistic environments. In this study, the standard dataset of UNB University of Canada, which has 10 families of ransomware, is selected and then tested in two stages on 84 primary features using the MI (mutual information) and ANOVA feature selection algorithms. As a result, 10 different features have been obtained for each algorithm without reducing the detection accuracy rate. Then, using the two sets of obtained features, the best classification result is obtained from the decision tree, random forest and XGBoost algorithms. The findings of this study show an average accuracy of 78.5% in ransomware identification using the XGBoost classification algorithm and MI feature selection. The results of this study can be used to improve ransomware detection methods in all native security equipment such as IDS, IPS, SIEM and SOC.
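The feature selection stage described above, as an added example that is not code from this repository: it scores flow features with the ANOVA F statistic and with mutual information (MI) and keeps the top k, showing why the two selectors can return different feature sets. The feature names, the eight sample flows, k=2 and the equal-width binning used to estimate MI are assumptions made for illustration; the study selects 10 of 84 features.

```python
import math
from collections import Counter

def anova_f(values, labels):
    """One-way ANOVA F statistic: between-class over within-class variance."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(v)
    n, k = len(values), len(groups)
    if k < 2:
        return 0.0  # a single class carries no between-class variance
    grand = sum(values) / n
    means = {y: sum(g) / len(g) for y, g in groups.items()}
    between = sum(len(g) * (means[y] - grand) ** 2 for y, g in groups.items())
    within = sum((v - means[y]) ** 2 for y, g in groups.items() for v in g)
    if within == 0:
        return math.inf if between > 0 else 0.0
    return (between / (k - 1)) / (within / (n - k))

def mutual_info(values, labels, bins=4):
    """MI in bits between an equal-width-binned feature and the class label."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0  # constant feature: everything lands in bin 0
    binned = [min(int((v - lo) / width), bins - 1) for v in values]
    n = len(values)
    pxy, px, py = Counter(zip(binned, labels)), Counter(binned), Counter(labels)
    return sum(c / n * math.log2(c * n / (px[x] * py[y])) for (x, y), c in pxy.items())

def select_k_best(features, labels, score, k):
    """Names of the k features that score highest against the label."""
    return sorted(features, key=lambda f: score(features[f], labels), reverse=True)[:k]

# Constructed sample (not from the UNB dataset): 8 flows, 0 = benign, 1 = ransomware.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
FEATURES = {  # hypothetical feature names
    "fwd_pkt_len_mean": [60, 62, 58, 61, 510, 498, 505, 502],  # class means far apart
    "flow_iat_mean": [1, 2, 99, 100, 50, 51, 49, 52],  # equal means, different ranges
    "idle_std": [5, 9, 5, 9, 6, 10, 6, 10],  # small mean shift, heavy overlap
}

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:18} F={anova_f(col, LABELS):10.3f} MI={mutual_info(col, LABELS):.3f}")
    print("ANOVA top 2:", select_k_best(FEATURES, LABELS, anova_f, 2))
    print("MI top 2:   ", select_k_best(FEATURES, LABELS, mutual_info, 2))
```

ANOVA only rewards a difference in class means, so it ignores `flow_iat_mean`, while MI picks it up because its value range separates the classes.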
Nezamisafa/Ransomware-Detection-by-Network-Traffic-Analysis
A.Nezamisafa