Classifying Ransomware Using Machine Learning Algorithms

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detec- tion and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised ma- chine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Na ̈ıve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youdens index to determine sensitivity and specificity.
LanguageEnglish
Title of host publication20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL)
Number of pages8
Publication statusAccepted/In press - 29 Aug 2019

Fingerprint

Learning algorithms
Learning systems
Malware

Cite this

Egunjobi, S., Parkinson, S., & Crampton, A. (Accepted/In press). Classifying Ransomware Using Machine Learning Algorithms. In 20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL)
Egunjobi, Samuel ; Parkinson, Simon ; Crampton, Andrew. / Classifying Ransomware Using Machine Learning Algorithms. 20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL). 2019.
@inbook{10190ff87dbd4b99a51b54c526a5b7d8,
title = "Classifying Ransomware Using Machine Learning Algorithms",
abstract = "Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detec- tion and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised ma- chine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Na ̈ıve Bayes algorithm resulted in an accuracy of 96{\%} with the test set result, SVM 99.5{\%}, random forest 99.5{\%}, and 96{\%}. We also use Youdens index to determine sensitivity and specificity.",
keywords = "Ransomeware, Malware, Machine Learning",
author = "Samuel Egunjobi and Simon Parkinson and Andrew Crampton",
year = "2019",
month = "8",
day = "29",
language = "English",
booktitle = "20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL)",

}

Egunjobi, S, Parkinson, S & Crampton, A 2019, Classifying Ransomware Using Machine Learning Algorithms. in 20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL).

Classifying Ransomware Using Machine Learning Algorithms. / Egunjobi, Samuel; Parkinson, Simon; Crampton, Andrew.

20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL). 2019.

Research output: Chapter in Book/Report/Conference proceedingChapter

TY - CHAP

T1 - Classifying Ransomware Using Machine Learning Algorithms

AU - Egunjobi, Samuel

AU - Parkinson, Simon

AU - Crampton, Andrew

PY - 2019/8/29

Y1 - 2019/8/29

N2 - Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detec- tion and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised ma- chine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Na ̈ıve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youdens index to determine sensitivity and specificity.

AB - Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detec- tion and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised ma- chine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Na ̈ıve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youdens index to determine sensitivity and specificity.

KW - Ransomeware

KW - Malware

KW - Machine Learning

M3 - Chapter

BT - 20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL)

ER -

Egunjobi S, Parkinson S, Crampton A. Classifying Ransomware Using Machine Learning Algorithms. In 20th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL). 2019