Enhanced Ransomware Detection Techniques using Machine Learning Algorithms

Abstract

A challenge that governments, enterprises as well as individuals are constantly facing is the growing threat of ransomware attacks. Ransomware is a type of malware that encrypts the user's files and then demands a huge sum of money from the user. This increasing complexity calls for more advancement and innovative ideas in defensive strategies used to tackle the problems. In this paper, firstly we discuss the existing research in the field of ransomware detection techniques and their shortcomings. Secondly, a juxtaposed study on various machine learning algorithms to detect ransomware attacks is compared for ransomware dataset. Thirdly, various behavioral data such as API Calls, Target files, Registry Operations, Signature, Network Accesses are collected for each ransomware and benign sample and the results are compared for various attributes to understand the behavior of the attack. In order to understand the behavior of the attack various Machine Learning Algorithms like KNN, Naïve Bayes, Random Forest, Decision Trees are used for training and testing the dataset.. Further optimization was done using hyper parameters to control the learning process. Finally, we have used the model(s) Accuracy, F1 Score, Precision and Recall to compare the results observed and suggesting how the roadmap for how efficiently the attacks can be prevented in future.