Classifying Ransomware Using Machine Learning Algorithms

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Citations (Scopus)


Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden's index to determine sensitivity and specificity.
Original languageEnglish
Title of host publicationIntelligent Data Engineering and Automated Learning - IDEAL 2019
Subtitle of host publication20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II
EditorsHujun Yin, David Camacho, Peter Tino, Antonio J. Tallón-Ballesteros, Ronaldo Menezes, Richard Allmendinger
Place of PublicationCham
PublisherSpringer International Publishing
Number of pages8
ISBN (Electronic)9783030336172
ISBN (Print)9783030336165, 3030336166
Publication statusPublished - 24 Oct 2019
Event20th International Conference on Intelligent Data Engineering and Automated Learning - University of Manchester, Manchester, United Kingdom
Duration: 14 Nov 201916 Nov 2019
Conference number: 20

Publication series

NameLecture Notes in Computer Science
VolumeLNCS 11872
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference20th International Conference on Intelligent Data Engineering and Automated Learning
Abbreviated titleIDEAL
Country/TerritoryUnited Kingdom
Internet address


Dive into the research topics of 'Classifying Ransomware Using Machine Learning Algorithms'. Together they form a unique fingerprint.

Cite this