An Efficient Ransomware Attack Detection Framework Using Machine Learning and Feature Reduction Techniques
Abstract
In recent years, ransomware attacks have emerged as one of the most troublesome cybersecurity threats largely due to their widespread adoption to digital platforms, cloud services, and highly interconnected systems. Although various detection mechanisms have been proposed in the literature and used in different detection systems, modern ransomware variants are increasingly capable of bypassing traditional signature-based detection mechanisms. Therefore, machine learning techniques are preferred in many protection mechanisms for more effective threat detection. However, many machine learning–based solutions suffer from high computational overhead and excessive feature dimensionality, which limits their practical deployment in these systems. To overcome this deficiency, the proposed system presents a ransomware detection framework that integrates a machine learning approach with a systematic feature reduction model to achieve both high detection performance and effective execution of the detection system. Mainly, features are extracted from system-level activities, after which feature selection methods are applied to identify the most informative features and significantly reduce the overall feature space and execution time. We conducted experiments on a recent ransomware dataset to show that the proposed framework maintains high detection accuracy and low false-positive rates while considerably reducing execution time and resource consumption. Moreover, the proposed framework performs steadily under class imbalance conditions and proves to be resistant to ransomware samples never seen before. In particular, using only 20 selected features, the XGBoost classifier reaches an accuracy of up to 100%, proving its suitability for effective and efficient ransomware detection.










