Author:
Alhashmi Asma A., Darem Abdulbasit A., Alshammari Ahmed B., Darem Laith A., Sheatah Huda K., Effghi Rachid
Abstract
Ransomware has become a significant threat to individuals and organizations worldwide, causing substantial financial losses and disruptions. Early detection of ransomware is crucial to mitigate its impact. The significance of early detection lies in the capture of ransomware in the act of encrypting sample files, thus thwarting its progression. A timely response to ransomware is crucial to prevent the encryption of additional files, a scenario not adequately addressed by current antivirus programs. This study evaluates the performance of six machine-learning algorithms for ransomware detection, comparing the accuracy, precision, recall, and F1-score of Logistic Regression, Decision Tree, Naive Bayes, Random Forest, AdaBoost, and XGBoost. Additionally, their computational performance is evaluated, including build time, training time, classification speed, computational time, and Kappa statistic. This analysis provides insight into the practical feasibility of the algorithms for real-world deployment. The findings suggest that Random Forest, Decision Tree, and XGBoost are promising algorithms for ransomware detection due to their high accuracy of 99.37%, 99.42%, and 99.48%, respectively. These algorithms are also relatively efficient in terms of classification speed, which makes them suitable for real-time detection scenarios, as they can effectively identify ransomware samples even in the presence of noise and data variations.
Publisher
Engineering, Technology & Applied Science Research