Affiliation:
1. SRM Institute of Science and Technology, India
Abstract
Crypto ransomware presents an ever-growing menace as it encrypts victim data and demands a ransom for decryption. The increasing frequency of ransomware attacks underscores the need for advanced detection techniques. A machine learning classification model is proposed to identify ransomware families. These models utilize specific network traffic features, with a particular emphasis on analyzing the User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP). Importantly, this approach incorporates feature selection to enhance efficiency without compromising accuracy, resulting in reduced memory usage and faster processing times. The proposed experiment utilizes various machine learning algorithms, including decision trees and random forest, to create highly accurate models for classifying ransomware families. Furthermore, the experiment combines network traffic analysis with other sophisticated methods such as behavioral analysis and honeypot deployment to effectively scale crypto ransomware detection.