Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls

Joint Authors

Shah, Dilawar
Salam, Abdu
Javaid, Qaisar
Ahmad, Masood
Sarwar, Nadeem
Ullah, Faizan
Abrar, Muhammad

Source

Scientific Programming

Issue

Vol. 2020, Issue 2020 (31 Dec. 2020), pp.1-10, 10 p.

Publisher

Hindawi Publishing Corporation

Publication Date

2020-08-01

Country of Publication

Egypt

No. of Pages

10

Main Subjects

Mathematics

Abstract EN

Ransomware (RW) is a distinctive variety of malware that encrypts files or locks the user’s system, taking the user's files hostage, which leads to huge financial losses for users.

In this article, we propose a new model that extracts novel features from the RW dataset and performs classification of RW and benign files.

The proposed model can detect a large number of RW from various families at runtime and scan the network, registry activities, and file system throughout the execution.

API-call series was reutilized to represent the behavior-based features of RW.

The technique extracts a fourteen-feature vector at runtime and analyzes it by applying online machine learning algorithms to predict the RW.

To validate the effectiveness and scalability, we test 78550 recent malign and benign RW and compare with the random forest and AdaBoost, and the testing accuracy is extended at 99.56%.

American Psychological Association (APA)

Ullah, Faizan & Javaid, Qaisar & Salam, Abdu & Ahmad, Masood & Sarwar, Nadeem & Shah, Dilawar…[et al.]. 2020. Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls. Scientific Programming, Vol. 2020, no. 2020, pp.1-10.
https://search.emarefa.net/detail/BIM-1209198

Modern Language Association (MLA)

Ullah, Faizan…[et al.]. Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls. Scientific Programming No. 2020 (2020), pp.1-10.
https://search.emarefa.net/detail/BIM-1209198

American Medical Association (AMA)

Ullah, Faizan & Javaid, Qaisar & Salam, Abdu & Ahmad, Masood & Sarwar, Nadeem & Shah, Dilawar…[et al.]. Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls. Scientific Programming. 2020. Vol. 2020, no. 2020, pp.1-10.
https://search.emarefa.net/detail/BIM-1209198

Data Type

Journal Articles

Language

English

Notes

Includes bibliographical references

Record ID

BIM-1209198