Volume 15, Number 4

Ransomware Attack Detection based on Pertinent System Calls Using Machine Learning Techniques


Ahmed Dib, Sabri Ghazi and Mendjel Mohamed Said Mehdi, Mokhtar Annaba University, Algeria


In the last few years, the evolution of information technology has resulted in thedevelopmentof several interesting and sensitive fields such as the dark Web and cyber-criminality, especially using ransomware attacks. This paper aims to bring out only critical features and make their observation, or not, in software behaviour sufficient to decide whether it is ransomware or not. Therefore, we propose a new solution for ransomware detection based on machine learning algorithms and system calls. First, we introduce our produced dataset of collected system calls of both ransomware and Benignware. Then, we push pre-processing steps deeply to reduce efficiently data dimensionality. After that, we introduce a new technique to select pertinent features. Next, we bring out the critical system calls, their importance and their contribution to the distinction between dataset elements. Finally, we present our model that achieves an overall accuracy of 99.81% after K-Fold cross-validation.


Ransomware, System calls, Machin learning, Cyber security.