Abstract:
Ransomware is harmful malware designed to encrypt a victim's data or lock the victim's system and then demand a ransom for decrypting the data or unlocking the system; it often causes significant financial and operational damage. Current ransomware detection methods struggle to detect ransomware properly because most of them rely on dynamic analysis techniques, which involve a complicated process, and use only signature-based features rather than network or behavioral features. This study proposed a hybrid ransomware detection model that is based on static analysis and uses signature-based, network, or behavioral features. Three ML models were used to implement the hybrid models: Decision Tree, Random Forest, and K-Nearest Neighbors. This study proposed two hybrid models, with the hybrid model achieving the highest detection accuracy of 97.48% with low false positive and false negative rates.