EFFICIENT RANSOMWARE DETECTION USING ENSEMBLE CLASSIFIERS
Abstract
Ransomware is one of the most widespread and damaging threats in cybersecurity. These malicious applications encrypt valuable user data using strong cryptographic algorithms, rendering it inaccessible until a ransom is paid, typically in cryptocurrencies such as Bitcoin. Signature-based detection methods are slow to react, and they cannot accurately detect new or zero-day ransomware strains. To address these problems, this paper introduces and evaluates an ensemble machine learning classifier trained on static features collected from Windows Portable Executable (PE) files. The model was trained and tested on a dataset consisting of around 20,000 instances, each with 134 static attributes. The experimental results show that the proposed model achieves a high detection accuracy of 98.80%, with an extremely low false positive rate (0.26%) and a very high true positive rate (97.08%). These observations also demonstrate that static-based ensemble classifiers are an effective approach for establishing a proactive, lightweight, and scalable defense against modern ransomware attacks.