A Dual-Stage Ensemble Approach to Detect and Classify Ransomware Attacks

Published: 2024, Last Modified: 16 Oct 2025 | UEMCON 2024 | CC BY-SA 4.0
Abstract: This study proposes a novel two-layer machine learning system for ransomware detection and classification using the UGRansomware dataset. In the first layer, a stacked ensemble learning model combining six classifiers (Gaussian NB, KNN, Decision Tree, Logistic Regression, Multi-Layer Perceptron, and SGDClassifier) achieved a high overall accuracy of 98.22% in predicting ransomware attacks, with precision and recall of around 98% for both categories. The second layer uses LightGBM to categorize the identified ransomware into specific families. This layer, while less accurate, especially in less popular categories, still provided valuable insights, achieving accuracy rates of 74.9% to 99.1% for various ransomware families. The study's results highlight the effectiveness of ensemble learning in improving ransomware detection and emphasize the opportunities for improvement in ransomware family categorization. This research demonstrates the potential of advanced machine learning techniques to address ransomware threats and contribute to the evolving field of cybersecurity.