Measuring Ransomware Propagation Patterns via Network Traffic Analysis: An Automated Approach
Abstract
Ransomware continues to pose an escalating threat to global network infrastructures, capable of causing extensive financial and operational damage across industries. Understanding the patterns of ransomware propagation through network traffic analysis offers a novel and significant approach to early detection and mitigation. By employing a controlled sandbox environment, combined with machine learning techniques, this research captures distinct traffic behaviors associated with ransomware attacks, focusing on metrics such as lateral movement speed, packet size variability, and connection durations. The study's approach demonstrates how detailed feature extraction from network traffic can provide a more dynamic and adaptive defense against emerging ransomware threats, surpassing the limitations of traditional signature-based detection methods. The results of the experiments reveal key differences in the propagation strategies of various ransomware families, providing valuable insights for cybersecurity practitioners looking to enhance network defenses. Through the integration of real-time traffic analysis and machine learning models, the research presents a scalable framework for detecting ransomware activity in both controlled and real-world networks.