Ransomware Classification and Detection With Machine Learning Algorithms

TL;DR

This paper proposes a machine learning framework using feature selection and various classifiers, including neural networks, to improve ransomware detection and classification accuracy.

Contribution

It introduces a feature selection-based approach applying multiple machine learning algorithms, notably demonstrating the superior performance of Random Forest classifiers.

Findings

Random Forest outperforms other classifiers in accuracy, F-beta, and precision.

Neural network-based classifiers are effectively integrated into ransomware detection.

The framework is validated on a ransomware dataset, showing promising results.

Abstract

Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and it may cause catastrophic damages to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely utilized in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework with adopting different machine learning algorithms including neural network-based architectures to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), Logistic Regression (LR) as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F-beta, and precision scores.