RanDEL: Dynamic Feature-Based Ransomware Detection and Classification Using Advanced Ensemble Techniques

Abstract

Ransomware attacks are sophisticated and frequent, and they pose severe cybersecurity challenges. They are difficult to detect because of the emergence of more robust encryption algorithms, their polymorphic nature, and zero-day threat exploitation. Prior techniques rely on static analysis and signature matching for detection, with the drawback that they cannot detect new, zero-day, and polymorphic ransomware. This research aims to provide an accurate, cost-effective, and efficient framework for Ransomware Detection using Ensemble Learning (RanDEL). The proposed model is based on two machine learning models: Gaussian Naive Bayes and Multi-Layer Perceptron. The framework uses soft voting, stacking, and bagging ensemble techniques to classify samples as Goodware, Encryptor ransomware, or Locker ransomware. It uses a publicly available dataset based on dynamic features and is capable of detecting and classifying zero-day, metamorphic, and polymorphic ransomware. The developed framework demonstrated maximum efficiency and achieved the highest accuracy of 99.25%. Using feature reduction, model tuning, and pruning strategies, we have significantly reduced resource use, notably processing time. This study reveals the effectiveness of ensemble models over standalone models.
