Comparative Analysis of Some Machine Learning Algorithms for the Classification of Ransomware
Authors
Department of Computer Science and Engineering, Ladoke Akintola University of Technology, Ogbomoso, Oyo state (Nigeria)
Article Information
DOI: 10.51244/IJRSI.2025.120800045
Subject Category: Computer Science
Volume/Issue: 12/8 | Page No: 535-548
Publication Timeline
Submitted: 2025-07-24
Accepted: 2025-07-30
Published: 2025-09-02
Abstract
Ransomware is a serious cybersecurity threat that encrypts data and demands payment for its release. This study compares six machine learning algorithms for ransomware classification: Random Forest (RF), Decision Tree (DT), Neural Network (NN), Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Naive Bayes (NB). A GitHub-sourced dataset was preprocessed using standard techniques, and feature selection was done using correlation analysis, mutual information, and recursive feature elimination. Models were trained and evaluated using Python’s scikit-learn library and assessed on accuracy, precision, recall, F1-score, and ROC-AUC. RF achieved the best performance with 99.98% accuracy and 99.99% ROC-AUC, followed closely by DT and NN. NB performed poorly across most metrics. Results indicate RF as the most effective model for ransomware detection. These findings support the development of intelligent threat detection systems for cybersecurity platforms, cloud infrastructure, and endpoint protection.
Keywords
Comparative Performance, Ransomware, Machine Learning (ML), Random Forest (RF), Support Vector Machine (SVM), Decision Tree (DT), Feature Selection and Python scikit-learn.
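An added example, not the authors' code: a sketch of the comparison the abstract describes, run on constructed synthetic data in place of the GitHub dataset. The hyperparameters, the 0.95 correlation threshold, the feature counts and the order of the three selection steps are assumptions; each selection step is fitted on the training split only, so the held-out metrics are not inflated by leakage.

```python
from functools import partial
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.feature_selection import RFE, SelectKBest, mutual_info_classif
from sklearn.metrics import accuracy_score, f1_score, precision_score, recall_score, roc_auc_score
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier

MODELS = {  # the six classifiers named in the abstract; hyperparameters are assumptions
    "RF": lambda: RandomForestClassifier(n_estimators=100, random_state=0),
    "DT": lambda: DecisionTreeClassifier(random_state=0),
    "NN": lambda: MLPClassifier(hidden_layer_sizes=(32,), max_iter=500, random_state=0),
    "SVM": lambda: SVC(probability=True, random_state=0),
    "KNN": lambda: KNeighborsClassifier(n_neighbors=5),
    "NB": lambda: GaussianNB(),
}

def drop_correlated(X_train, threshold=0.95):
    """Correlation filter: keep a column only if |r| < threshold against every kept column."""
    corr = np.abs(np.corrcoef(X_train, rowvar=False))
    keep = []
    for j in range(corr.shape[0]):
        if all(corr[j, k] < threshold for k in keep):
            keep.append(j)
    return keep

def compare_models(n_samples=800, seed=0):
    # Constructed synthetic data: class 1 stands in for "ransomware", class 0 for "benign".
    X, y = make_classification(n_samples=n_samples, n_features=30, n_informative=8,
                               n_redundant=10, weights=[0.7, 0.3], random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, stratify=y, random_state=seed)
    keep = drop_correlated(X_tr)  # fitted on training rows only
    X_tr, X_te = X_tr[:, keep], X_te[:, keep]
    mi = partial(mutual_info_classif, random_state=seed)
    results = {}
    for name, make in MODELS.items():
        pipe = make_pipeline(StandardScaler(), SelectKBest(mi, k=min(15, len(keep))),
                             RFE(DecisionTreeClassifier(random_state=0), n_features_to_select=8), make())
        pipe.fit(X_tr, y_tr)  # mutual information and RFE are refitted inside the pipeline
        pred, prob = pipe.predict(X_te), pipe.predict_proba(X_te)[:, 1]
        results[name] = {"accuracy": accuracy_score(y_te, pred), "precision": precision_score(y_te, pred),
                         "recall": recall_score(y_te, pred), "f1": f1_score(y_te, pred),
                         "roc_auc": roc_auc_score(y_te, prob)}
    return results
```

Scores on this synthetic data say nothing about the paper's reported figures; the sketch only shows how the selection steps and the five metrics fit together.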