Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic

Ransomware is considered as a significant threat for home users and enterprises. In corporate scenarios, users’ computers usually store only system program files, while all the documents are accessed from shared servers. these one crypto-ransomware infected host capable of locking access to files it has to, which can be whole set workgroup users. We propose tool detect block activity based on file-sharing traffic analysis. The monitors exchanged between clients file servers using machine learning techniques searches patterns in that betray ransomware actions reading overwriting files. This first proposal designed work not clear text protocols but also encrypted protocols. extract features network describe opening, closing, modifying allow differentiation high benign applications. train test detection model large more than 70 binaries 33 different strains 2,400 h ‘not infected’ real results reveal proposed described, including those used training phase. paper provides validation algorithm by studying false positive rate amount information user could encrypt before being detected.