WeiYu Chen
Adv. Artif. Intell. Mach. Learn., 5 (2):3866-3882
1. WeiYu Chen: Chinese Culture University
DOI: 10.54364/AAIML.2025.52219
Article History: Received on: 22-Mar-25, Accepted on: 14-Jun-25, Published on: 21-Jun-25
Corresponding Author: WeiYu Chen
Email: cwy4@ulive.pccu.edu.tw
Citation: Wei-Yu Chen, et al. Malware Traffic and Ransomware Anomaly Detection Based on Wavelet Time-Frequency Analysis and Deep Learning. Advances in Artificial Intelligence and Machine Learning. 2025;5(2):219.
This study proposes a method for detecting
malicious software traffic (especially ransomware) using wavelet transform
analysis of network traffic. We leverage the public intrusion detection dataset
CICIDS2017 to extract network flow features, and perform time-frequency
analysis on the traffic time-series signals via wavelet transform. This
produces spectral features such as energy distribution and entropy, which are
used to train machine learning models. We compare the performance of Support
Vector Machine (SVM), Random Forest (RF), and neural network models in
identifying anomalous traffic. Experimental results show that wavelet spectrum
features combined with machine learning classification effectively distinguish
normal versus malicious traffic, with the neural network achieving the best
performance – its accuracy and F1-score exceed those of the traditional
methods. This demonstrates that wavelet time-frequency analysis can improve the
accuracy of malicious traffic detection and provides good recognition
capability even for unknown attacks.