Mining Ransomware Signatures from Network Traffic




Patel, Darshitkumar




Ransomware is currently one of the most impactful forms of cyber-attack. One of the greatest challenges posed by ransomware is the extremely large number and diversity of ransomware families, and the fact that new ransomware variants are being released by cybercriminals on a regular basis. Despite such a troublesome threat landscape, the development of adequate protection mechanisms is lagging far behind. In this project, we studied different ransomware families and identified several distinctive characteristics and attributes that could be used for early detection of ransomware based on network traffic analysis. To prove our concept, we developed, implemented, and tested a new ruleset for ransomware detection using the SNORT Network Intrusion Detection engine. The long-term goal of the project is to incorporate this ruleset into an evolutionary rule generation model that would enable new ransomware families to be detected effectively and efficiently.