Ransomware Detection and Classification using Ensemble Learning: A Random Forest Tree Approach

Anwar S., Ahad A., Hussain M., Shayea I. A. M., Pires I. M.

10th International Conference on Wireless Networks and Mobile Communications, WINCOM 2023, İstanbul, Turkey, 26 - 28 October 2023 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/wincom59760.2023.10323025
  • City: İstanbul
  • Country: Turkey
  • Keywords: K nearest Neighbors, Random Forest Tree, ransomware, Support Vector Machine, Viruses
  • Istanbul Technical University Affiliated: Yes


Viruses significantly threaten computer systems, potentially causing extensive damage and data loss. All users must prioritize cybersecurity by installing effective antivirus software, safeguarding their PCs against potential harm. Even though there are many different kinds of malware, ransomware is particularly dangerous since it prevents victims from accessing their vital data or locks files permanently unless they pay a ransom to the attackers. Recent ransomware strains must be categorized promptly. Data for the present investigation was gathered from a variety of web resources, including Kaggle and ransomware.re. Concerning using Kaggle to acquire harmless datasets, ransomware.re is retrieved for use in a study on ransomware. Many preprocessing methods, such as Normalisation and Imputation, are used to polish our datasets. The most recent additions to the dataset were classified using the Random Forest tree classifier, with a final accuracy of 99.9%. Random Forest Tree fared exceptionally well compared to the KNN and SVM algorithms. We also highlighted that additional preprocessing methods can enhance outcomes for SVM and KNN.