Analysis of classification techniques in ransomware detection using machine learning approach

Abdul Aziz, Meiza Cermella (2023) Analysis of classification techniques in ransomware detection using machine learning approach. Project Report. Universiti Teknikal Malaysia Melaka, Melaka, Malaysia. (Submitted)

Text (Full Text) Analysis of classification techniques in ransomware detection using machine learning approach.pdf Download (9MB)

Abstract

Ransomware is one of the most devastating cyberattacks in the malware category which involves the victim device being locked from accessing the system. The increase of ransomware attacks may be caused by several factors such as insufficient corporate security defense and the trends of ransomware as a service known as (RaaS) affiliate market. Additionally, most of the antivirus that use signature-based detection can be ineffective especially for detecting new variants of ransomware. There’s also a challenge in selecting appropriate classification techniques due to the extensive scientific and technical materials involved. Therefore, taking all these problems into consideration this project objective is to evaluate the performance of various classification techniques for detection and classification of ransomware. The research methodology involves acquiring a comprehensive ransomware dataset from reputable sources such as Kaggle, UCI Machine Learning Repositories, and Resilient Information Systems Security (RISS)Ransomware Dataset. The dataset undergoes preprocessing steps, including data cleaning to handle missing values and noisy data. Feature selection methods are applied to identify the most informative features, thereby enhancing the accuracy of the ransomware detection system. Several machines learning classifiers, including Decision Tree, Random Forest, Support Vector Machines (SVM), and Naïve Bayes, are employed for training the ransomware detection model. The resulting models are then evaluated using various evaluation metrics such as accuracy, precision, recall, F-measure, and True Positive Rate (TPR). and False Positive Rates (FPR). The outcomes of this study contribute to the understanding of the performance of different classification techniques in the context of ransomware detection. The findings illustrate that performance consistently improves with larger balanced dataset sizes, notably Random Forest highest being 99.30% accuracy, exhibit remarkable accuracy gains when transitioning from imbalanced to balanced datasets. Future research directions include exploring deep learning methods, utilizing larger datasets, and conducting real-time testing to further enhance the accuracy and zero day attack of ransomware detection systems. This research can serve as a reference for future work to combat the rising threat of ransomware attacks.

Actions (login required)

View Item