Graduate Degree Type
School of Computing and Information Systems
Ransomware is one of the top threats in the world of cyber security. The ransomware
landscape is growing in sophistication and maturity. The latest developments in ransomware, such as Ransomware as a service (RaaS), have exacerbated the problem by offering would-be criminals ransomware services, lowering the technical barrier to entry. Private and public sector stakeholders are currently investing heavily in ransomware detection. Ransomware detection benefits private businesses and government organizations by reducing the hefty financial cost of a ransomware attack. It is therefore crucial that ransomware detection is accurate and efficient. There are shortcomings in machine learning (ML) models and datasets when working with ransomware detection. Specifically, there is a need for monitoring UDP traffic. One alternative that remains to be properly tested is federated learning. This thesis aims to demonstrate the viability of federated learning as a solution to detect ransomware, by testing speed and accuracy (using metrics such as accuracy, precision, and recall) in a virtual network environment. In addition to the main benefits of federated learning (distributed datasets and privacy), the research will also analyze if federated learning offers performance advantages in Malware detection compared to other machine learning models. The main focus of the research will be analyzing UDP traffic. UDP is not given much attention by organizations since it's a stateless protocol.
Teshome, Bereket Getnet, "Federated Learning Based Detection of Ransomware" (2023). Masters Theses. 1081.