dc.contributor.author: O. Almashhadani, Ahmad
dc.contributor.author: Kaiiali, Mustafa
dc.contributor.author: Sezer, Sakir
dc.contributor.author: O’Kane, Philip
dc.date.accessioned: 2019-10-07T15:15:59Z
dc.date.available: 2019-10-07T15:15:59Z
dc.date.issued: 2019-03-26
dc.identifier.citation: Almashhadani, A.O. et al. (2019) A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware. IEEE Access, 7, pp. 47053-47067
dc.identifier.issn: 2169-3536
dc.identifier.uri: https://dora.dmu.ac.uk/handle/2086/18577
dc.description: open access article
dc.description.abstract: Ransomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims, including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late, as some of the system's assets would already have been exfiltrated or encrypted by the malware. Conversely, network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features was extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel at different levels: the packet level and the flow level. The experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, a low false positive rate, and valid extracted features, and is highly effective in tracking ransomware network activities.
dc.language.iso: en
dc.publisher: IEEE
dc.subject: Domain Generation Algorithm (DGA)
dc.subject: dynamic malware analysis
dc.subject: Locky
dc.subject: machine learning
dc.subject: malware analysis
dc.subject: ransomware
dc.title: A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware
dc.type: Article
dc.identifier.doi: https://dx.doi.org/10.1109/ACCESS.2019.2907485
dc.funder: No external funder
dc.cclicence: N/A
dc.date.acceptance: 2019-03-06
dc.researchinstitute: Cyber Technology Institute (CTI)