Ransomware Early Detection Methods

  • Year of publication: 1403
  • Published in: 9th International Conference on Electrical Engineering, Computer Science and Information Technology
  • Dedicated COI code: ECICONFE09_064
  • Paper language: English

Authors

Seyyed Mohammad Ali Abolmaali

MSc, Computer Engineering Department, Bu-Ali Sina University, Hamedan, Iran

Reza Mohammadi

Assistant Professor, Computer Engineering Department, Bu-Ali Sina University, Hamedan, Iran

Mohammad Nassiri

Associate Professor, Computer Engineering Department, Bu-Ali Sina University, Hamedan, Iran

Abstract

Ransomware has grown into a serious threat to people and businesses all over the world, resulting in significant disruptions and financial losses. To lessen the impact of ransomware, early detection is essential: it can stop ransomware in its tracks by catching it while it encrypts sample files. A prompt response is needed to stop ransomware from encrypting more files, a situation that antivirus software does not handle sufficiently today. This research compares the accuracy, precision, recall, and F1-score of six machine-learning algorithms for ransomware detection: Logistic Regression, Decision Tree, Naive Bayes, Random Forest, AdaBoost, and XGBoost. Their computational performance is also assessed, taking into account the Kappa statistic, build time, training time, classification speed, and computational time. This analysis sheds light on whether the algorithms are feasible to implement in the real world. The results indicate that Random Forest, Decision Tree, and XGBoost are promising algorithms for ransomware detection, with high accuracy rates of 99.37 percent, 99.42 percent, and 99.48 percent, respectively. These algorithms can successfully identify ransomware samples even in the presence of noise and data variations, and their relatively efficient classification speed also makes them appropriate for real-time detection scenarios.

Keywords

Ransomware, Early Detection, Machine Learning, Computational Performance, Cybersecurity
