The current pandemic situation has drastically increased cyber-attacks worldwide. Attackers are making heavy use of malware such as trojans, spyware, rootkits, worms and ransomware. Ransomware is the most notorious of these, yet there is still no defensive mechanism that prevents or detects a zero-day attack. Most defensive products in the industry rely on either signature-based mechanisms or traffic-based anomaly detection. Researchers are therefore adopting machine learning and deep learning to develop behaviour-based mechanisms for detecting malware. Although some hybrid mechanisms perform static and dynamic analysis of executables for detection, there is no foolproof detection proof of concept that could be developed into a foolproof product specific to ransomware. In this work, we have developed a proof of concept for ransomware detection using machine learning models. We have carried out a detailed analysis and compared the efficiency of several machine learning models: decision tree, random forest, KNN, SVM, XGBoost and logistic regression. We obtained 98.21% accuracy and evaluated various metrics such as precision, recall, TP, TN, FP and FN.
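The metrics named in the abstract (TP, TN, FP, FN, accuracy, precision, recall) are worth seeing side by side, because accuracy alone hides how many ransomware samples a detector misses. The following is an added example, not code from the paper; the labels and predictions are constructed, and ransomware is treated as the positive class.

```python
# Added example (not from the paper): confusion-matrix metrics for a
# ransomware-vs-benign classifier, computed from constructed labels.
from dataclasses import dataclass

RANSOMWARE, BENIGN = 1, 0  # positive class is ransomware


@dataclass(frozen=True)
class Metrics:
    tp: int  # ransomware correctly flagged
    tn: int  # benign correctly passed
    fp: int  # benign wrongly flagged (false alarm)
    fn: int  # ransomware missed (the costly error for a defender)

    @property
    def accuracy(self) -> float:
        total = self.tp + self.tn + self.fp + self.fn
        return (self.tp + self.tn) / total if total else 0.0

    @property
    def precision(self) -> float:
        flagged = self.tp + self.fp
        return self.tp / flagged if flagged else 0.0

    @property
    def recall(self) -> float:
        actual_positive = self.tp + self.fn
        return self.tp / actual_positive if actual_positive else 0.0


def confusion(y_true, y_pred) -> Metrics:
    """Count TP/TN/FP/FN for a binary ransomware classifier."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lists differ in length")
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == RANSOMWARE and p == RANSOMWARE)
    tn = sum(1 for t, p in pairs if t == BENIGN and p == BENIGN)
    fp = sum(1 for t, p in pairs if t == BENIGN and p == RANSOMWARE)
    fn = sum(1 for t, p in pairs if t == RANSOMWARE and p == BENIGN)
    return Metrics(tp, tn, fp, fn)


# Constructed evaluation set: 20 samples, 4 ransomware, 16 benign.
Y_TRUE = [RANSOMWARE] * 4 + [BENIGN] * 16
# Model A misses 2 of the 4 ransomware samples but raises no false alarms.
PRED_A = [1, 1, 0, 0] + [0] * 16
# Model B catches every ransomware sample at the cost of 2 false alarms.
PRED_B = [1, 1, 1, 1] + [1, 1] + [0] * 14


def compare():
    """Return (metrics for model A, metrics for model B)."""
    return confusion(Y_TRUE, PRED_A), confusion(Y_TRUE, PRED_B)


if __name__ == "__main__":
    for name, m in zip("AB", compare()):
        print(f"model {name}: {m} acc={m.accuracy:.2f} "
              f"prec={m.precision:.2f} rec={m.recall:.2f}")
```

Both constructed models score 90% accuracy, but model A has recall 0.5 (half the ransomware gets through) while model B has recall 1.0 with precision 0.67; this is why the FN count matters alongside the headline accuracy figure.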