An Empirical Comparison of Supervised Algorithms for Ransomware Identification on Network Traffic

Manzano, Carlos; Meneses, Claudio; Leger, Paul; IEEE

Abstract

Android mobile systems are currently the main target of malware attacks. In this sense, machine learning is a suitable approach to analyze network traffic, and it generally achieves good results in the identification and detection of malware. However, an underlying problem is creating a dataset with network characteristics that accurately reflect the malware's behavior. Adequately characterizing the dataset is a relevant process to identify malware with high precision when using traditional machine learning algorithms. This paper empirically compares three supervised machine learning algorithms in order to identify ransomware traffic based on Android mobile network traffic features. We consider 9 features related to time properties of flows and bidirectional packets in 10 families of ransomware and different benign application Android network traffic. Empirical results show that Random Forest (RF) achieved a 96% accuracy in classifying ransomware, higher than Decision Tree (DT) and K-Nearest Neighbor (KNN) approaches. We conclude that the selected features allow us to identify ransomware traffic and differentiate it from the traffic of benign applications.

More information

Title according to WOS: ID WOS:000848755600082 Not found in local WOS DB
Journal title: 2020 39TH INTERNATIONAL CONFERENCE OF THE CHILEAN COMPUTER SCIENCE SOCIETY (SCCC)
Publisher: IEEE
Publication date: 2020
DOI: 10.1109/sccc51225.2020.9281283

Notes: ISI