Analysis of Machine Learning Techniques for Ransomware Detection

Title: Analysis of Machine Learning Techniques for Ransomware Detection
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Noorbehbahani, Fakhroddin; Rasouli, Farzaneh; Saberi, Mohammad
Conference Name: 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)
Date Published: aug
Keywords: CICAndMal2017 dataset, classification methods, composability, computer networks, cryptology, Human Behavior, invasive software, learning (artificial intelligence), machine learning, machine learning-based ransomware detection, malware detection, Metrics, pattern classification, policy-based governance, pubcrawl, Random Forest, ransomware, ransomware families, Resiliency, Scalability

In parallel with the increasing growth of the Internet and computer networks, the number of malwares has been increasing every day. Today, one of the newest attacks and the biggest threats in cybersecurity is ransomware. The effectiveness of applying machine learning techniques for malware detection has been explored in much scientific research; however, there are few studies focused on machine learning-based ransomware detection. In this paper, the effectiveness of ransomware detection using machine learning methods applied to the CICAndMal2017 dataset is examined in two experiments. First, the classifiers are trained on a single dataset containing different types of ransomware. Second, different classifiers are trained on datasets of 10 ransomware families distinctly. Our findings imply that in both experiments random forest outperforms other tested classifiers and the performance of the classifiers is not changed significantly when they are trained on each family distinctly. Therefore, the random forest classification method is very effective in ransomware detection.

Citation Key: noorbehbahani_analysis_2019