Classifying Windows ransomware based on runtime behavior using machine learning algorithms
Dmello, Lovina Moses
Ransomware is defined as a type of malware that infects, locks, or takes control of the user's system and demands a ransom from the user to undo the damage. Ransomware detection is an important factor in the security of computer systems. However, zero-day attacks and polymorphic viruses are not easily detected by signature-based methods. As a result, the need for machine-learning-based detection arises. The purpose of this work is to determine the effect of feature selection on classification methods when used on top of Cuckoo Sandbox. Classification algorithms such as k-Nearest Neighbors, Naive Bayes, Support Vector Machines, and Random Forest were evaluated. The dataset for this study consisted of over 1584 ransomware samples from 11 different ransomware families. Cuckoo Sandbox was used to run these samples and observe their real-time behavior. This work demonstrated the improvement in accuracy obtained using the mutual information criterion for feature selection.