Ransomware is one of the most dangerous cyber threats today, as it can disrupt systems and cause serious financial losses. Traditional detection methods often fail to catch newer attacks because they can hide within normal network traffic. In this study, we used machine learning to detect ransomware based on network data. We tested four models Logistic Regression, Decision Tree, Random Forest, and Gradient Boosting using the UGRansome dataset, both before and after balancing it with SMOTE. The Decision Tree model gave the best results, achieving 99.40% accuracy, 98.0% precision, 99.90% recall, and an AUC-ROC of 99.95%. We also found that protocol flags and network flow features played a key role in detecting attacks. Overall, using tree-based models with balanced data proved to be a simple and effective way to build a real-time ransomware detection system.
Almulla et al. (Thu,) studied this question.