Comparative study on Ransomware Detection using Machine Learning

Abstract

Ransomware is one of the serious threats to the kind of cyber technology that is emerging, more precisely because of the high level at which businesses are now warming up to platforms on the internet. In most instances, normal traditional approaches to security, among the lot like antivirus and firewalls, fail, given the level of sophistication and high dynamism involved during ransomware attacks. This review is on the application of several machine-learning detection approaches for ransomware using static, dynamic, and hybrid feature sets. The paper compares the accuracy, precision, recall, and F1-scores for different ML algorithms such as SVM, Random Forest, CNN, LSTM, ensemble methods and hybrid models. The result has been remarked that the ensemble method and hybrid models perform better in all aspects than the individual model. These challenges explore not only the diversity of the dataset in ML-based ransomware detection but also the balance between negative/false positives and negatives, including the ability to accommodate new variants of ransomware. Work in this direction would, therefore, indicate that advanced hybrid models, for example, combinations like Transfer Learning with Reinforcement Learning, Autoencoders with Random Forest, and Generative Adversarial Networks with LSTM, are going to contribute toward the improvement of ransomware detection and mitigation to a much greater extent. This study provides valuable insights for future research on ransomware detection, identifying effective techniques and areas for improvement in detection and mitigation.