Ransomware Attack Detection: Developing machine learning-based detection models

Imashev, Aidar (2025) Ransomware Attack Detection: Developing machine learning-based detection models. International Journal of Science and Research Archive, 16 (1). pp. 901-911. ISSN 2582-8185

Abstract

Today's cybersecurity infrastructure faces a significant challenge from the rise and evolution of ransomware attacks. Signature-based antivirus tools typically cannot identify new and fast-changing ransomware, so a change in detection approach is required. This article examines how machine learning can be used to spot ransomware during attacks. The method relies on feature engineering, in which relevant details are extracted and selected from large volumes of activity, files, and traffic seen on the computer. Both static and dynamic features help identify whether a system is infected with ransomware before any payload is launched. Many machine learning algorithms are studied to find out whether they can help model the behavior of complex ransomware. A discussion of model evaluation metrics such as precision, recall, F1-score, and ROC-AUC explains the limitations of using models in practice: in the real world, the models must identify threats quickly and avoid raising false alarms. Furthermore, the article discusses issues related to skewed data, bypassing of defenses, and scaling systems in real-time applications. Using machine learning models, businesses can enhance their response to threats. Organizations are therefore prepared to face new ransomware attacks using information from the data they protect.

Item Type: Article
Official URL: https://doi.org/10.30574/ijsra.2025.16.1.2047
Uncontrolled Keywords: Ransomware Detection; Machine Learning; Feature Engineering; Model Evaluation; Threat Response
Date Deposited: 01 Sep 2025 12:26
URI: https://eprint.scholarsrepository.com/id/eprint/4494