A Supervised Machine Learning Ransomware Host-Based Detection Framework

Abstract

Today, the term ransomware is frequently used in cybercrime headlines, its consequences have been on the rise leaving a trail of terrible losses in its wake. Both people and businesses have been victimized by ransomware, costing the victims millions of dollars in ransom payments. In addition, victims who were unable to pay the ransom or decrypt the data experienced data losses. This study uses dynamic malware analysis artifacts and supervised machine learning to detect ransomware at the host level. It takes on a thorough examination of the operational specifics of ransomware and suggests a supervised machine learning approach to detection using various ransomware features derived from a dynamic malware analysis. According to the findings, a Logistic Regression algorithm model with a 97.7% accuracy score offers a 99% success rate in ransomware detection. This demonstrates how well machine learning and dynamic malware analysis work together to detect ransomware activity at the host level. Systems security administrators can mitigate security risks by using this method.