Idachaba Julius Adamu, Influence Ejirefe, Thomas Ali Gaga


The dynamic concept of technology has caused an unprecedented technological and socio-economic development in everyday human activities. The fact is that there are an increasing number of digital attacks in digital kidnapping, purporting to be ransomware as a continuing threat and which has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale used; however, their reactive nature which has resulted in a continuing evolution and updating process. This is largely because detection mechanisms that can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper we used classification techniques to develop a machine learning model for detecting and classification of ransomware as well as to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms for building the model and used the test set to performed the model evaluation with respect to confusion matrix to observe the model accuracy, of the proposed algorithm which enabling a systematic comparison of each algorithm. In this paper, supervised algorithms were used  namely naive Bayes resulted in an accuracy of 83.40% with the test set result, Decision Tree (J48) 97.60%, respectfully


Digital Files, Ransomware, filtering, digital kidnaping attacks, machine learning model

Full Text:



Businesses Paid $301M to Ransomware Hackers Last Year, New Datto Study Finds, datto, 2017. [Online]. Available: https://www.datto.com/news/datto-releases-global-state-of-the-channel-ransomware-report. [Accessed: 05-Jul-2019]

Kharraz A., Robertson W. ,. Balzarotti D. Bilge L, and Kirda E, (2015) “Cutting the gordian knot: A look under the hood of ransomware attacks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 9148, pp. 3–24,

Richard Winton, (2019), “Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating -Los Angeles Times,” Los Angeles Times2016,[Online].Available:https://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html. [Accessed: 06-Jul-2019].

UToday, (2016). “University of Calgary makes significant progress to address systems issues | UToday. University of Calgary,”. [Online]. Available: https://www.ucalgary.ca/utoday/issue/2016-06-08/university-calgary-makes-significant-progress-address-systems-issues. [Accessed: 05-Jul-2019]

Shinde R., Van Der Veeken P, Van Schooten S, and Van Den Berg J, (2018) “Ransomware: Studying transfer and mitigation,” Int. Conf. Comput. Anal. Secur. Trends, CAST 2016, no. July 2018, pp. 90–95, 2018

Krzysztof Cabaj, Marcin Gregorczyk, and Wojciech Mazurczyk (2018). Software-definednetworking-based crypto ransomware detection using http traffic characteristics.Computers & Electrical Engineering, 66:353–368.

O’Brien, D. (2017). Internet Security Report: Ransomware 2017. Symantec, 17-19

Nieuwenhuizen, D. (2017). A behavioral-based approach to ransomware detection.

Scaife N., Carter H., Traynor P., and Butler K. R. B., (2016) “CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data,” Proc. - Int. Conf. Distrib. Comput. Syst., vol. -Augus, pp. 303–312.

Lau, H., Coogan, P., & Savage, K. (2015). Evolution of Ransomware. Symantec, 5-8. Retrieved February 2, 2019, fromhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf

Bhardwaj A., Avasthi V., Sastry H., and Subrahmanyam G. V. B (2016). CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. IEEE 36th International Conference on Distributed Computing Systems (ICDCS). doi:10.1109/icdcs.2016.46

Mattias, W., Frick, J., Sjostrom, A., & Jarpe, E. (2017). A Novel Method for Recovery from Crypto Ransomware Infections. In 2nd IEEE International Conference on Computer and Communications (pp. 1354–1358). IEEE

Zahra, A. and Munam, A. S. (2017).IoT Based Ransomware Growth Rate Evaluation and Detection Using Command and Control Blacklisting, Proceedings of the 23rd International Conference on Automation & Computing, University of Huddersfield, Huddersfield, UK, 7-8

Cerber. (2017, March 29). CerberRing: An In-Depth Exposé on CerberRansomware-as-a-Service. Retrieved from https://blog.checkpoint.com/2016/08/16/cerberring/

Liska, A., & Gallo, T. (2017). Ransomware: Defending against digital extortion.Sebastopol: OReilly Media

Vadim Kotov, Mantej Singh Rajpal(2014). In-Depth Analysis of the Most Popular Malware Families, Bromium, UnderstandingCrypto-Ransomware Report.

Sgandurra D., Muñoz-González L., Mohsen R., and Lupu E. C., (2016) “Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection,”

Continella A., et al., (2016) “ShieldFS,” Proc. 32nd Annu. Conf. Comput. Secur. Appl. - ACSAC ’16, pp. 336–347.

Sgandurra D., Muñoz-González L., Mohsen R., and Lupu E. C., (2016) “Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection,”

Chen Z.-G., Kang H.-S., Yin, and Kim S.-R., (2017) “Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph,” pp. 196–201.

Lanzi A, D., Balzarotti, and C. Kruegel, (2016) “Access Miner-Using System Centric Models For Malware Protection.”

Poudyal S., Subedi K. P., and Dasgupta D.,(2019) “A Framework for Analyzing Ransomware using Machine Learning,” Proc. 2018 IEEE Symp. Ser. Comput. Intell. SSCI 2018, pp. 1692–1699.

Karimi A., and Moattar M. H., (2017) “Android ransomware detection using reduced opcode sequence and image similarity,” 2017 7th Int. Conf. Comput. Knowl. Eng. ICCKE 2017, vol. 2017-Janua, no. Iccke, pp. 229–234.

Zheng, C.; Dellarocca, N.; Andronio, N.; Zanero, S.; Maggi, F., (2016) Greateatlon: Fast, static detection of mobile ransomware. In Proceedings of the International Conference on Security and Privacy in Communication Systems, Guangzhou, China, 10–12 October 2016; pp. 617–636.

Kotthoff L, Thornton C, Hoos HH, Hutter F, Leyton-Brown K. Auto-WEKA 2.0: Automatic model selection and hyperparameter optimization in WEKA. The Journal of Machine Learning Research. 2017 Jan 1;18(1):826-30.

Mark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, Ian H. Witten (2009); The WEKA Data Mining Software: An update; SIGKDD Explorations, Volume 11, Issue 1. [Available Online: http :// www.cs. waikato.ac.nz/ ml/weka/index.html]


  • There are currently no refbacks.





ISSN (Print): 2276-8645





Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.