MFMCNS: A Multi-Feature and Multi-Classifier Network-based System for Ransomworm Detection

dc.cclicence: CC BY [en]
dc.contributor.author: Almashhadani, Ahmad O.
dc.contributor.author: Carlina, Domhnall
dc.contributor.author: Kaiiali, Mustafa
dc.contributor.author: Sezer, Sakir
dc.date.acceptance: 2022-07-24
dc.date.accessioned: 2022-08-12T13:08:27Z
dc.date.available: 2022-08-12T13:08:27Z
dc.date.issued: 2022-07-29
dc.description: open access article [en]
dc.description.abstract: Ransomware is a type of advanced malware that can encrypt a user’s files or lock a computer system until a ransom has been paid. Ransomworm is a type of malware that combines the payload of ransomware with the propagation feature of a computer worm. Most host-based detection methods require the host to be infected and the payload to be executed first to be able to identify anomalies and detect the malware. By the time of infection, it might be too late as some of the system’s assets would have been already encrypted or exfiltrated by the malware. On the contrary, the network-based methods can be one of the crucial means in detecting ransomworm activities when it attempts to spread to infect other networks before executing the payload. Therefore, a thorough analysis of ransomworm network traffic can be one of the essential means for early detection. This paper presents a comprehensive behavioral analysis of ransomworm network traffic, taking WannaCry, which launched a worldwide cyberattack, and NotPetya as a case study. Two sets of related features were extracted based on two independent flow levels: session-based and time-based. On top of each set, an independent classifier was built. Moreover, to improve the reliability, a multi-feature and multi-classifier network-based system, MFMCNS, has been proposed. MFMCNS employs these classifiers working in parallel on different flow levels, then it adopts a fusion rule to combine the classifiers’ decisions. The experimental results prove that MFMCNS is reliable and has high detection accuracy. [en]
dc.funder: No external funder [en]
dc.identifier.citation: Almashhadani, A.O., Carlina, D., Kaiiali, M. and Sezer, S. (2022) MFMCNS: A Multi-Feature and Multi-Classifier Network-based System for Ransomworm Detection. Computers & Security, 121, 102860 [en]
dc.identifier.doi: https://doi.org/10.1016/j.cose.2022.102860
dc.identifier.issn: 0167-4048
dc.identifier.uri: https://hdl.handle.net/2086/22105
dc.language.iso: en [en]
dc.peerreviewed: Yes [en]
dc.publisher: Elsevier [en]
dc.researchinstitute: Cyber Technology Institute (CTI) [en]
dc.subject: Ransomworm [en]
dc.subject: WannaCry [en]
dc.subject: Intrusion Detection System [en]
dc.subject: Machine learning [en]
dc.subject: Network Security [en]
dc.subject: Network Traffic Analysis [en]
dc.title: MFMCNS: A Multi-Feature and Multi-Classifier Network-based System for Ransomworm Detection [en]
dc.type: Article [en]

Files

Original bundle
Name: 1-s2.0-S0167404822002541-main.pdf
Size: 1.59 MB
Format: Adobe Portable Document Format
Description: Main article
License bundle
Name: license.txt
Size: 4.2 KB
Format: Item-specific license agreed upon to submission
Description: