Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset
Peace Azugo, Hein Venter, and Mike Wa Nkongolo

TL;DR
This paper introduces the UGRansome2024 dataset for ransomware detection in network traffic and demonstrates that a Random Forest classifier can achieve 96% accuracy in identifying ransomware activities, aiding proactive cybersecurity measures.
Contribution
The study presents a new optimized ransomware dataset and applies Random Forest for detection, showing high accuracy and relevance for cybersecurity applications.
Findings
Random Forest achieved 96% classification accuracy.
Certain ransomware variants like EDA and Globe have higher financial impacts.
The dataset enables effective differentiation between normal and malicious network behaviour.
Abstract
Cybersecurity faces challenges in identifying and mitigating ransomware, which is important for protecting critical infrastructures. The absence of datasets for distinguishing normal versus abnormal network behaviour hinders the development of proactive detection strategies against ransomware. An obstacle in proactive prevention methods is the absence of comprehensive datasets for contrasting normal versus abnormal network behaviours. A dataset enabling such contrasts would significantly expedite threat anomaly mitigation. In this study, we introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic. This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach that considers only relevant patterns in network behaviour analysis. The study presents an analysis of ransomware detection using the UGRansome2024 dataset…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Spam and Phishing Detection
