Critical Feature Selection for Machine Learning Approaches to Detect Ransomware

Sachin Malik, Bharanidharan Shanmugam, Krishnan Kannorpatti, Sami Azam

Research output: Contribution to journalArticlepeer-review

Abstract

It has been nearly three decades since the first strain of ransomware surfaced online, but still, it is one of the most destructive malwares of all time, costing millions of dollars around the globe each year. Ransomware is a type of malware that encrypts all the data on an infected device using asymmetric encryption algorithms and demands a ransom to decrypt the data. As it is nearly impossible to recover the encrypted data without having a backup, victims end up paying the ransom or lose the data. Therefore, the best approach is to detect the ransomware at its initial stages and remove it before any damage is done. Traditional methods of signature-based detection are useless against the newer ransomware families as they exhibit polymorphic techniques and change their signatures frequently. This paper critically reviews some of the existing detection methods that use behavioural analysis using machine learning techniques. To test the efficiency and accuracy of various machine learning algorithms, logs from an infected windows machine were analysed using supervised machine learning algorithms to classify it as ransomware or non-ransomware. Secondly, the datasets were split into training and testing set to check the accuracy of the trained models and finally the most important behavioural features were determined that are most crucial in differentiating a log file from a ransomware infected machine to that of an uninfected machine.

Original languageEnglish
Pages (from-to)1167-1176
Number of pages10
JournalInternational Journal of Computing and Digital Systems
Volume11
Issue number1
DOIs
Publication statusPublished - Mar 2022

Fingerprint

Dive into the research topics of 'Critical Feature Selection for Machine Learning Approaches to Detect Ransomware'. Together they form a unique fingerprint.

Cite this