Abstract
Ransomware is defined as a type of malware program that infects, locks or takes control of the user's system and demands ransom from the user to undo the damage. Ransomware detection is an important factor in the security of computer systems. However, zero-day attacks and polymorphic viruses are not easily detected by signature-based methods. As a result, the need for machine-learning-based detection arises. The purpose of this work is to determine the effect of feature selection on classification methods when used on top of Cuckoo Sandbox. Classification algorithms such as k-Nearest-Neighbors, Naive Bayes, Support Vector Machines and Random Forest were evaluated. The dataset for this study consisted of over 1584 ransomware samples from 11 different ransomware families. Cuckoo Sandbox is used to run these samples and observe their real-time behavior. This work demonstrated the improvement in accuracy obtained using mutual information criteria for feature selection.