Realtime ransomware process detection using an advanced hybrid approach with machine learning within IoT ecosystems

Cybersecurity faces significant challenges from malicious attacks, malware, and ransomware variants, posing serious threats to computer systems, infrastructure, data centers, web and mobile applications across diverse sectors. Conventional anti-ransomware systems struggle to keep pace with evolving sophisticated threats. Therefore, advanced methodologies, including both traditional and artificial intelligence based approaches, are becoming increasingly crucial in developing innovative ransomware countermeasures. This study presents a novel hybrid detection framework for ransomware, combining entropy and frequency analysis with various machine learning algorithms, including Multi-Layer Perceptron MLP, Decision Trees DT, Random Forests RF, K-Nearest Neighbor KNN, and Logistic Regression LR. We evaluate the classification performance of these models using a specialized ransomware dataset. Our approach also incorporates data augmentation techniques to enhance the detection capabilities, generating synthetic data based on the original ransomware samples. Our experiments demonstrate that the DT and RF classifiers significantly outperform other methods in terms of accuracy, F1-score, and precision. Specifically, the DT classifier achieved an accuracy of 98.89%, an F1-score of 98.81%, and a precision of 98.90%, while the RF classifier achieved an accuracy of 98.78%, an F1-score of 98.23%, and a precision of 98.99%. The integration of data augmentation further boosted the model’s performance, resulting in substantial improvements across all metrics.