By the same authors

Ransomware detection and mitigation using software-defined networking: the case of WannaCry

Research output: Contribution to journalArticle



Publication details

JournalComputers & Electrical Engineering
DateAccepted/In press - 18 Mar 2019
DatePublished (current) - Jun 2019
Issue numberJune 2019
Number of pages11
Pages (from-to)111-121
Original languageEnglish


Modern day ransomware families implement sophisticated encryption and propagation schemes, thus limiting chances to recover the data almost to zero. We investigate the use of software-defined networking (SDN) to detect and mitigate advanced ransomware threat. We present our ransomware analysis results and our developed SDN-based security framework. For the proof of concept, the infamous WannaCry ransomware was used. Based on the obtained results, we design an SDN detection and mitigation framework and develop a solution based on OpenFlow. The developed solution detects suspicious activities through network traffic monitoring and blocks infected hosts by adding flow table entries into OpenFlow switches in a real-time manner. Finally, our experiments with multiple samples of WannaCry show that the developed mechanism in all cases is able to promptly detect the infected machines and prevent WannaCry from spreading.

Bibliographical note

© 2019 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.

    Research areas

  • WannaCry, Ransomware, Software-defined networking, OpenFlow, Malware analysis

Discover related content

Find related publications, people, projects, datasets and more using interactive charts.

View graph of relations