Ransomware Detection Using Machine Learning Techniques

Abstract

The proliferation of ransomware attacks is a critical cybersecurity threat that organizations globally face. This situation necessitates effective prevention and mitigation strategies. These malicious programs encrypt data and extort payments, impacting various industries. They highlight the urgent need for robust defense mechanisms. Despite advancements in machine learning for ransomware detection, there is a notable gap in the comparative analysis of individual algorithms such as Decision Tree (DT), Support Vector Machine (SVM), and Multi-Layer Perceptron (MLP). This study aims to fill the gap by providing a comparative analysis of these algorithms. It focuses on using the UG Ransome dataset and key metrics including accuracy, precision, recall, and F-measure. The experiments were conducted using Python. The results demonstrate that the Decision Tree outperforms SVM and MLP across all metrics. It achieves an accuracy of 98.83%, precision of 99.41%, recall of 99.41%, and F-measure of 99.41%. SVM and MLP, on the other hand, achieved lower scores. These results highlight the Decision Tree's superior performance in capturing non-linear data relationships, which is crucial for ransomware detection. The major contribution of this study is the identification of the Decision Tree as a highly effective model for ransomware detection. It significantly outperforms other models. The findings suggest that the Decision Tree's ability to model complexities within the data makes it a robust and reliable tool for safeguarding systems against ransomware attacks. Future research should explore the Decision Tree's performance across diverse ransomware datasets, integrate ensemble learning, investigate adversarial machine learning techniques, and enhance real-time detection methods. These efforts will improve the robustness and applicability of machine learning-based ransomware detection systems.