Ransomware detection system based on machine learning

الملخص EN

Every day, there is great growth of the Internet and smart devices connected to the network.

Additionally, there is an increasing number of malwares that attack networks, devices, system and applications.

One of the biggest threats and newest attacks in cybersecurity is Ransom Software (Ransomware).

Although there is a lot of research on detecting malware using machine learning (ML), only a few focus on ML-based ransomware detection, especially attacks targeting smartphone operating systems (e.g., Android) and applications.

In this research, a new system was proposed to protect smartphones from malicious applications through monitoring network traffic.

Six ML methods (Random Forest (RF), k-Nearest Neighbors (k-NN), Multi-Layer Perceptron (MLP), Decision tree (DT), Logistic Regression (LR), and eXtreme Gradient Boosting (XGB)) are applied to CICAndMal2017 dataset which consists of benign and various kinds of android malware samples.

603288 benign and ransomware samples were extracted from this collection.

Ransomware samples were collected from 10 different families.

Several types of feature selection techniques have been used on the dataset.

Finally, seven performance metrics were used to determine the best feature selection and ML classifiers for ransomware detection.

The experiment results imply that DT and XGB outperform other classifiers with best detection accuracy at more than (99.30%) and (99.20%) for (DT) and (XGB) respectively.