Voting Classifier-Based Ransomware Detection: Leveraging ML And CNN2D For Enhanced Security
DOI:
https://doi.org/10.64252/xdxjqs91
Keywords:
Deep learning, disk statistics, hardware performance counters, machine learning, ransomware, virtual machines.
Abstract
The project addresses the challenge of ransomware detection, acknowledging the limitations of current approaches that rely on process monitoring and data analysis. The aim is to develop a robust and practical method for detecting ransomware executed on a virtual machine (VM). Data collection focuses on specific processor and disk I/O events, gathered for the entire VM from the host machine. Using machine learning (ML), particularly a random forest (RF) classifier, the project aims to create an effective detection model. This approach minimizes monitoring overhead and mitigates the risk of data contamination by ransomware. The proposed method demonstrates resilience to variations in user workloads, overcoming a common challenge in ransomware detection. Because it avoids continuous monitoring of every process on the target machine, the model remains adaptable to different user scenarios. The project's effectiveness is measured across various user workloads and 22 ransomware samples. This project contributes a practical and efficient solution to the ongoing ransomware threat by providing a reliable detection model. By using selected processor and disk I/O events and incorporating machine learning, the project minimizes monitoring overhead, enhances detection speed, and ensures adaptability to evolving ransomware variants. Additional enhancements were introduced in this project, incorporating a Convolutional Neural Network 2D (CNN2D) and an ensemble model with a voting classifier to further improve ransomware detection accuracy. The voting classifier, comprising multiple machine learning classifiers, demonstrated a remarkable 99% accuracy in making final predictions, showcasing the effectiveness of combining different models for robust detection.