Detection of WannaCry Ransomware using machine learning techniques
Abstract
As modern society embraces the digital age, powerful threats such as malware develop daily and continue to impact a large number of computing devices. Malware is malicious software that is designed to cause harm as intended by the malicious actor. Today’s ransomware families implement very sophisticated encryption, obfuscation and propagation schemes that limit the ability to recover the lost data; even if the ransom is paid, there is no guarantee of recovery. Security researchers continue to use signature-based and behavior-based detection, but that is not enough.
We collect the data, preprocess it, perform feature extraction and build the classifiers that apply various supervised machine learning algorithms with the model. We built an artificial intelligence model to detect WannaCry ransomware using machine learning classification algorithms.
We present our ransomware analysis results from both static and dynamic analysis, together with our developed machine learning model. To prove our concept, we used the WannaCry dataset together with two other malware datasets to train and test the performance of the various classification algorithms. The datasets were explored, pre-processed, and split into training data and testing data with a ratio of 7:3. During data collection, we took care to obtain good training data. This resulted in good machine learning classifiers for Random Forest, Gradient Boost and KNN, with a performance of 99%. We also used the Deep Neural Multilayer Perceptron algorithm, which had a performance of 98%. These results show that machine learning can be used to detect WannaCry on infected machines and prevent it from spreading.