Obfuscated Ransomware Family Classification Using Machine Learning

The recent rise of ransomware attacks, average ransom demands, average ransom payments, and average ransomware recovery time has made ransomware a serious threat for businesses and individuals. Obfuscated ransomware is a more threatening variation that is more complicated to detect. Designing accurate ransomware detection systems is essential to protect networks from harmful consequences of a ransomware attack. In this research, we propose a machine learning based ransomware classification framework and study five machine learning algorithms and four feature selection techniques to detect the class of an obfuscated ransomware vs. benign. We studied different feature selection techniques that remove noise and highly correlated features to get the most efficient model. We also studied the impacts of different techniques to combat data imbalance. Our results indicate that Random Forest with LightGBM feature selection technique outperforms other models with 89.4% accuracy.