Classifying Ransomware Using Machine Learning Algorithms

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Citations (Scopus)


Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden's index to determine sensitivity and specificity.
Original languageEnglish
Title of host publicationIntelligent Data Engineering and Automated Learning - IDEAL 2019
Subtitle of host publication20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II
EditorsHujun Yin, David Camacho, Peter Tino, Antonio J. Tallón-Ballesteros, Ronaldo Menezes, Richard Allmendinger
Place of PublicationCham
PublisherSpringer International Publishing
Number of pages8
ISBN (Electronic)9783030336172
ISBN (Print)9783030336165, 3030336166
Publication statusPublished - 24 Oct 2019
Event20th International Conference on Intelligent Data Engineering and Automated Learning - University of Manchester, Manchester, United Kingdom
Duration: 14 Nov 201916 Nov 2019
Conference number: 20

Publication series

NameLecture Notes in Computer Science
VolumeLNCS 11872
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference20th International Conference on Intelligent Data Engineering and Automated Learning
Abbreviated titleIDEAL
CountryUnited Kingdom
Internet address


Dive into the research topics of 'Classifying Ransomware Using Machine Learning Algorithms'. Together they form a unique fingerprint.

Cite this