Ransomware Detection with Machine Learning: Techniques, Challenges, and Future Directions - A Systematic Review

Jonathan Ismael Zapata Sandoval, Elian Garcés, Walter Fuertes

2025 · DOI: 10.58346/jisis.2025.i1.017
Journal of Internet Services and Information Security · 0 Citations

TLDR

Techniques such as hybrid analysis, digital DNA sequencing, and supervised learning, although used less frequently, show potential in ransomware detection; dynamic, static, and network traffic analysis are the most used methods.

Abstract

Ransomware attacks are one of the most common and dangerous threats in cybersecurity. They prevent users from accessing their systems or personal files and extort them by demanding a ransom payment. This study aims to identify the most effective machine-learning methods and techniques for detecting and mitigating ransomware attacks. Furthermore, it seeks to determine which features are essential to locate ransomware and which attributes are most effective in achieving this goal. To do so, we conducted a systematic literature review using the PRISMA methodological guide. We focused on selecting only primary empirical studies that evaluate their effectiveness. The main findings revealed that the studies focus on the analysis of existing datasets, followed by API calls and executable file analysis. Dynamic, static, and network traffic analysis are the most used methods. Furthermore, we found that techniques such as hybrid analysis, digital DNA sequencing, and supervised learning, although used less frequently, show their potential in ransomware detection. This research also indicates the limitations of their application, challenges, and future research directions. The results can be beneficial for researchers to learn about the variety of ransomware detection methods, to identify ransomware infection at an earlier stage before an attack occurs, and to develop highly effective solutions.