Federated Learning-Based Ransomware Detection via Indicators of Compromise
Abstract
Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to data security and organizational operations worldwide. Leveraging a federated learning-based approach, this research presents a novel and significant advancement in ransomware detection by utilizing network and file system indicators of compromise while ensuring data privacy. The methodology involves the decentralized training of machine learning models across multiple clients, which enhances the model's robustness and adaptability to various ransomware attack scenarios. Extensive experiments and evaluations demonstrate the high accuracy, precision, recall, and F1-scores achieved by the proposed model, showcasing its effectiveness in real-world applications. The innovative combination of preprocessing, feature engineering, and sophisticated machine learning techniques within a federated learning framework results in a scalable and privacy-preserving solution capable of addressing the dynamic and evolving landscape of ransomware threats. This study contributes valuable insights into the development of effective ransomware detection systems, emphasizing the importance of collaborative and decentralized learning techniques in enhancing cybersecurity defenses.