Enhancing Ransomware Detection with Machine Learning Techniques and Effective API Integration
Asad Iqbal, Mehdi Hussain, Qaiser Riaz, Madiha Khalid, Rafia Mumtaz, Ki-Hyun Jung,
Enhancing Ransomware Detection with Machine Learning Techniques and Effective API Integration,
Computers, Materials and Continua,
Volume 85, Issue 1,
2025,
Pages 1693-1714,
ISSN 1546-2218,
https://doi.org/10.32604/cmc.2025.064260.
(https://www.sciencedirect.com/science/article/pii/S1546221825007696)
Abstract: Ransomware, particularly crypto-ransomware, remains a significant cybersecurity challenge, encrypting victim data and demanding a ransom, often leaving the data irretrievable even if payment is made. This study proposes an early detection approach to mitigate such threats by identifying ransomware activity before the encryption process begins. The approach is two-tiered: a signature-based method using hashing techniques to match known threats, and a dynamic behavior-based analysis leveraging Cuckoo Sandbox and machine learning algorithms. A critical feature is the monitoring of the most effective Application Programming Interface (API) calls, which analyzes system-level interactions such as file encryption, key generation, and registry modifications. This enables the detection of both known and zero-day ransomware variants, overcoming limitations of traditional methods. The proposed technique was evaluated using classifiers such as Random Forest, Support Vector Machine, and K-Nearest Neighbors, achieving a detection accuracy of 98% based on 26 key ransomware attributes with an 80:20 training-to-testing ratio and 10-fold cross-validation. By combining minimal feature sets with robust behavioral analysis, the proposed method outperforms existing solutions and addresses current challenges in ransomware detection, thereby enhancing cybersecurity resilience.
Keywords: Ransomware; machine learning malware; cyber security; malware; application program interface (API) malware