AUTHOREA
Micah Williams
Public Documents (1)
Entropy-Based Network Traffic Analysis for Efficient Ransomware Detection
Micah Williams and 4 more
October 08, 2024
Ransomware has become one of the most pervasive and damaging threats to modern network infrastructures, causing significant financial and operational disruptions across industries. The proposed entropy-based detection approach offers a novel and dynamic solution to this growing problem through the analysis of network traffic entropy, enabling the identification of ransomware activity without the limitations of traditional signature-based methods. The methodology calculates and aggregates entropy values from various traffic attributes, capturing anomalies that reflect both short-term spikes and long-term ransomware behaviors. Machine learning classifiers then utilize these aggregated entropy features to distinguish between benign and ransomware-related traffic with high accuracy. Experimental evaluations demonstrate the effectiveness of the system in reducing false positives, maintaining real-time processing capabilities, and providing scalable ransomware detection across diverse network environments. The adaptive nature of entropy analysis ensures that the system remains resilient against the increasingly sophisticated tactics employed by ransomware operators.