Deployment of Ransomware Detection Using Dynamic Analysis and Machine Learning

Open Access
Conference Proceedings
Authors: Juan Herrera-Silva, Myriam Hernandez-Alvarez

Abstract: Ransomware's growing impact is powered by dedicated criminal teams working within an organized business framework. Because of the amount of sensitive information stored on devices and in the cloud and transferred over networks, malware detection, especially ransomware detection, has become a primary research topic in recent years. In this paper, we present a dynamic feature dataset with 50 ransomware-related characteristics that have low pairwise correlation. The link to the dataset is included. Using this dataset, machine learning models are generated with the Random Forest, Gradient Boosted Regression Trees, Gaussian Naïve Bayes, and Neural Networks algorithms, obtaining average ten-fold cross-validation accuracies between 74% and 100%. Processing times range between 0.15 sec and 25.47 sec, allowing a fast response to avoid encryption. These models are applied to new artifacts to effectively detect possible incoming threats.

Keywords: Ransomware Detection, Dynamic Analysis, Encryptor, Locker, Features, Dataset, Machine Learning, Timeline of the Ransomware Evolution

DOI: 10.54941/ahfe1003714
