Ransomware Attack Detection by Applying Machine Learning Techniques

Abstract

The world faces various perilous threats due to computer security breaches in the present era. It is proliferating at such a fast rate that it hampers the integrity and confidentiality of people as well as organizations resulting in a substantial monetary loss. Among different threats, it has been observed that ransomware is one of its types that results in data loss and makes victims by paying huge ransoms. In this study, a research attempt has been made to detect the attack by applying various machine learning techniques with the dataset. First, the data was trained directly using different machine learning techniques such as k-NN, SVM with different kernel functions (SVM-linear, SVM- Polynomial, SVM-RBF, SVM-Sigmoid), random forest, decision tree, and multilayer perceptron without incorporating any feature selection techniques to detect if the attack is ransomware or benign. Further to optimize the results, feature selection methods based on the filter (Chi-square test, correlationmcoefficient), wrapper (forward feature selection, backward feature elimination), and embedded methods (LASSO regularization (L1)) are applied to select the prominent features and redundant features are discarded. Finally, all the results obtained from different experiments are analyzed with critical assessment. By investigating the performance measures of various classifiers, it has been observed that significant improvement in the result is being achieved by the machine learning techniques when the feature selection techniques are considered.