Implementation of ransomware prediction system based on weighted-KNN and real-time isolation architecture on SDN Networks

In May 2017, hackers used the ransomware WannaCry to launch large-scale attacks on 150 countries, affecting every industry. Therefore, detection and control of the ransomware virus has become an important issue for security experts in recent years. Recently, machine learning, deep learning, and artificial intelligence technologies have become increasingly mature. Many companies (such as Google) have introduced software-defined networking (SDN) to replace the original network architecture, traffic routing, and network configuration control management. Therefore, this paper proposes a ransomware prediction system based on weighted-K-Nearest-Neighbor. This system includes the detection and prediction of ransomware packet traffic and design and the implementation of a dynamic isolation system integrated SDN. The experimental results show that the precision of detecting normal flow and abnormal flow is 99.7 and 97.7, respectively.