Please use this identifier to cite or link to this item: http://repository.aaup.edu/jspui/handle/123456789/2061
Title: Detection and Prediction of Ransomware Based on Network Behavior Using Machine Learning رسالة ماجستير
Other Titles: الكشف عن فايروس الفدية و التنبؤ به بناء على سلوك الشبكة باستخدام التعليم الالي
Authors: Abu Helo, Hamdi Yasser Ayoub$AAUP$Palestinian
Keywords: Ransomwares,Ransomware Attacks Classification,Ransomware Stages,Machine Learning,Machine Learning Algorithms
Issue Date: Mar-2024
Publisher: AAUP
Abstract: Computer malware has been growing at a rapid way in recent years, with ransomware emerging as a particularly powerful threat. Numerous victims, including companies, hospitals, and individuals, have suffered large financial losses as a result of the fast spread of ransomware. Due to the fact that they frequently rely on infection detection, traditional ransomware detection techniques have often proven ineffective. Using network behavior analysis to preventatively identify ransomware incidents provides a more effective solution to this problem. However, weaknesses identified in the literature review include limited sample sizes, reliance on few protocols, excessive feature usage leading to higher execution times, and experiments conducted in outdated environments. Addressing these gaps, this research offers a robust framework for ransomware detection and analysis, contributing significantly to the cybersecurity domain. This thesis uses a dataset of 145 ransomware samples from four different families to give an extensive analysis of network behavior with a particular focus on ransomware. A dedicated, isolated testbed was built to support this study. A traffic recording and information extraction from compromised host device from the testbed are part of the study. The investigation employs three machine learning algorithms - Random Forest (RF), k-Nearest Neighbors (KNN), and Gradient Boosting - to analyze the recorded data. This thesis presents a rigorous investigation into four ransomware families, achieving exceptional accuracy in binary and multiclass detection with notable execution time efficiency. The study also explores a diverse range of communication protocols used by ransomware such as HTTP, and TCP with focus on the use of the flags SYN, ACK, and RST.
Description: Master \ Cyber Security
URI: http://repository.aaup.edu/jspui/handle/123456789/2061
Appears in Collections:Master Theses and Ph.D. Dissertations

Files in This Item:
File Description SizeFormat 
حمدي ابو حلو.pdfMaster \ Cyber Security2.82 MBAdobe PDFThumbnail
View/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Admin Tools