Detection and monitoring of ransomware attacks using machine learning and Deep Learning
Abstract
This thesis presents a comprehensive investigation into the threat of ransomware and explores recent advancements in detection techniques. With the rise in the popularity of ransomware, a unique ecosystem of cybercriminals has emerged, leveraging encryption technology, anonymous cybersecurity, and easily accessible ransomware code. To address this growing concern, this thesis emphasizes the need for a machine learning (ML) and Deep Learning (DL) solution to detect ransomware attacks. Additionally, the study introduces the utilization of Software Defined Networking (SDN) combined with ML and DL for enhanced ransomware detection and mitigation. In our pursuit of demonstrating ransomware detection capabilities, we introduce an architectural design aimed at providing a highly efficient solution for proactively countering ransomware attacks. Experimental results demonstrate the efficacy of the developed mechanism in promptly detecting and preventing the spread of ransomware. Moreover, considering the significant damage caused by ransomware attacks, the thesis explores the training and testing of various ML and DL models for ransomware detection. A novel and flexible ransomware detection model is proposed, achieving good accuracy and F1-scores on different domains of the dataset. The proposed method is applicable to any domain of network traffic analysis data. In the context of the dynamic malware landscape, this thesis explores the detection of ransomware attacks by monitoring network traffic between infected computers and command and control servers. By extracting high-level flow features and utilizing a random forest classifier, a flow-based detection method is developed to identify and classify ransomware without deep packet inspection. The proposed solution demonstrates a high detection rate and low false negative rate, proving its feasibility and accuracy. 
The proposed approach significantly improves detection accuracy, making it effective for detecting both ransomware and specific types of malware. The method achieves feature reduction and quick convergence, which is attributed to its adept feature reduction capabilities, showcasing its efficiency and efficacy.