IEOM Index
Ransomware is a major threat in the modern cybersecurity field, causing billions of United States Dollars in damages each year. To combat this issue, there has been research and the application of machine learning and artificial intelligence techniques as a defensive measure. In current literature, there is a focus on using a singular model to detect ransomware in general. However, this method has an issue of accuracy decay due to the shifting methods of attack used by ransomware. While some works focus on using deep learning methods and optimization algorithms, this article investigates another method of mitigating performance decay that is less process intensive. The goal of this article is to propose a multi-model system that uses specialized models trained on specific families of ransomware to reduce decay over time. This works by reducing the amount of variance represented in each model. To test the comparative performance of this model against the common general models, a dataset is created for training using hybrid analysis of ransomware samples. A testing dataset was also created using the same methods but contained ransomware families not represented in the training dataset to test the comparative accuracy decay. The proposed system outperformed the general models at a threshold of one vote, had less decay compared to the general models, and performed comparatively to other similar works. This system, however, needs further fine-tuning to increase performance as it did not outperform all similar works, alongside rigorous testing to ensure the reduction in decay will be consistent over time.