An experimental study to evaluate the performance of machine learning algorithms in ransomware detection

Abstract

The research in the domain of ransomware is rapidly emerging, and the application of machine learning algorithms in ransomware detection is one of the recent breakthroughs. In this research, we constructed an experimental platform using ransomware datasets to compare the performance of various machine learning algorithms such as Random Forest, Gradient Boosting Decision Tree (GBDT), Neural Network using Multilayer Perceptron as well as three types of Support Vector Machine (SVM) kernels in ransomware detection. Our experiment is based on a combination of different methodologies reported in the existing literature. We used complete executable files in our experiment, analyzed the opcodes and measures their frequencies. The objective of this research was to discover the algorithms that are highly suitable to develop models as well as systems for ransomware detection. Consequently, we identified that Random Forest, GBDT and SVM (Linear) have shown optimal results in detection of ransomware.