Leveraging machine learning techniques for windows ransomware network traffic detection

Omar Alhawi, James Baldwin, Ali Dehghantanha

    Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


    Ransomware has become a significant global threat with the ransomware-as-a-service model enabling easy availability and deployment, and the potential for high revenues creating a viable criminal business model. Individuals, private companies or public service providers e.g. healthcare or utilities companies can all become victims of ransomware attacks and consequently suffer severe disruption and financial loss. Although machine learning algorithms are already
    being used to detect ransomware, variants are being developed to specifically evade detection when using dynamic machine learning techniques. In this paper we introduce NetConverse, a machine learning analysis of Windows ransomware network traffic to achieve a high, consistent detection rate. Using a dataset created from conversation-based network traffic features we achieved a true positive detection rate of 97.1% using the Decision Tree (J48) classifier.
    Original languageEnglish
    Title of host publicationCyber Threat Intelligence
    Subtitle of host publicationAdvances in Information Security
    EditorsAli Dehghantanha, Mauro Conti, Tooska Dargahi
    PublisherSpringer Nature
    Number of pages14
    ISBN (Print)978-3319739502
    Publication statusPublished - 2018


    • Ransomware
    • Malware detection
    • Machine learning
    • Network traffic
    • Intrusion detection


    Dive into the research topics of 'Leveraging machine learning techniques for windows ransomware network traffic detection'. Together they form a unique fingerprint.

    Cite this