DESIGN OF RANSOMWARE DETECTION BEHAVIOUR MODEL ON NETWORK USING MACHINE LEARNING
Main Author: | Satria Yudha, Sarlendra |
---|---|
Format: | Theses |
Language: | Indonesia |
Keywords: | Ransomware, Dynamic analysis, Ransomware Detection, Machine learning |
Institution: | Institut Teknologi Bandung |
Building: | Institut Teknologi Bandung Library |
Country: | Indonesia |
Collection: | Digital ITB |
Record ID: | id-itb.:54524 |
Record Timestamp: | 2021-03-18T11:15:01Z |
Online Access: | https://digilib.itb.ac.id/gdl/view/54524 |

Description:
Data from the McAfee Labs Threats Report states that ransomware attacks increased by 118% in the first quarter of 2019. Ransomware attacks have caused significant financial losses to many victims, including organizations, health facilities, and individuals. This happens because ransomware is currently used as a malicious tool to earn money, steal data, hack systems, or stop the normal functioning of a system.

Ransomware shows characteristic behavior when carrying out an attack. It first infects the victim's computer. The ransomware then contacts the C&C (Command and Control) server to obtain or store the encryption key. After the encryption key has been obtained, either from the C&C server or locally, encryption key management takes place, which is the process of saving the encryption key to a remote server. After that, the ransomware encrypts the system and extorts the victim.

Currently, ransomware detection is mostly done with host-based methods. However, a host-based method requires the host to be infected first, and only then detects the ransomware. This is dangerous, as ransomware can encrypt files in just minutes. An accurate detection model is therefore needed, one in which detection occurs before the ransomware performs any destructive action.

This research aims to design a model that can detect several ransomware families based on their behavior in the network. The model is designed to detect ransomware accurately and early. This is done by extracting behavioral features from different ransomware families. These features describe the behavior of the ransomware up to, but not including, the encryption phase. The model is then trained on these features. In testing, the study compares several algorithms: SVM, Decision Tree, KNN, Naïve Bayes and Random Forest. Naïve Bayes gives the best accuracy, with detection accuracy reaching 89% on cross validation and 95% on confusion matrix.