Ransomware triage using deep learning: Twitter as a case study

R. Vinayakumar, Mamoun Alazab, Alireza Jolfaei, K. P. Soman, Prabaharan Poornachandran

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

27 Citations (Scopus)


The increasing number of cyberattacks in recent years has expedited development of innovative tools to quickly detect new threats. A recent approach to this problem is to analyze the content of online social networks to discover the rising of ransomware attacks. Twitter is a popular micro-blogging platform which allows millions of users to share their opinions on what happens all over the world. The subscribers can tweet messages of maximum 280 characters to share general information with URLs and hash tags. In this paper, we analysed 25 families of ransomware over a period of 7 years, from 2010 to 2017. We proposed a deep learning architecture to categorize ransomware tweets to their corresponding family. The proposed method can continuously monitor the online posts in social media data and thus is able to provide early warnings about ransomware spreads. This helps the incident management to better prioritize resources and procedures to mitigate the malicious activities. Tests have been performed to evaluate the performance of the proposed method and results show the effectiveness of our implementation.

Original languageEnglish
Title of host publicationProceedings
Subtitle of host publication2019 Cybersecurity and Cyberforensics Conference, CCC 2019
Place of PublicationNew Jersey, USA
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages7
ISBN (Print)9781728126005
Publication statusPublished - 2019
Externally publishedYes
Event2019 Cybersecurity and Cyberforensics Conference, CCC 2019 - Melbourne, Australia
Duration: 7 May 20198 May 2019


Conference2019 Cybersecurity and Cyberforensics Conference, CCC 2019


  • Cyber security
  • Deep learning
  • Ransomware
  • Triage
  • Twitter


Dive into the research topics of 'Ransomware triage using deep learning: Twitter as a case study'. Together they form a unique fingerprint.

Cite this