Ransomware Detection on Windows Systems Using File System Activities and a Hybrid Machine Learning Approach


Abstract

As a type of aggressive malware, ransomware continues to be one of the most destructive forms of cyberattacks, frequently targeting Windows systems and causing widespread disruption to individuals, corporations, and governments. The need for a more adaptive detection method is clear, as traditional signature-based approaches often fail against sophisticated ransomware strains that employ obfuscation techniques. A novel hybrid machine learning model is proposed, combining Support Vector Machines (SVM) and Random Forests (RF), specifically designed to detect ransomware through analysis of file system activities. This approach leverages the complementary strengths of both algorithms: SVM's capacity to handle high-dimensional data and RF's robustness in handling noisy datasets and providing feature importance insights. By focusing on file operations such as renaming, deletion, and modification, the model effectively distinguishes ransomware from benign applications with high accuracy. Results demonstrate the hybrid model’s superior performance compared to individual SVM and RF models, particularly in terms of precision, recall, and overall resilience against evasive ransomware techniques. Future directions suggest expanding the dataset and exploring deep learning methods to further enhance detection capabilities.
