Ransomware Detection from Abnormal Behavior Traffic Using The Ensemble Model
https://doi.org/10.14419/zk0xqn54
Received date: July 15, 2025
Accepted date: July 24, 2025
Published date: November 1, 2025
Ransomware; Voting Ensemble Learning; Machine Learning; Network Traffic Analysis; Preprocessing; Feature Selection
Abstract
Ransomware is a serious online security threat to both personal and business data. In the event of a ransomware attack, owners of computing resources can suffer authentication and privacy breaches as well as financial and reputational damage. However, the majority of machine learning-based ransomware detection studies are limited by malware obscurity, the lack of a proper analysis ecosystem, incorrect models, and low false-positive rates. To address these issues, this paper proposes Ransomware Detection through Voting and Learning (RDVL), an ensemble-based approach for ransomware detection. First, we retrieved the ransomware data from the Kaggle repository. Then, the collected dataset is normalized with L1-Norm Maximization and Principal Component Analysis (PCA), and the most appropriate ransomware attributes are selected. Finally, to classify ransomware as a subset of abnormal traffic, RDVL-based ensemble methods are used, including bagging, boosting, and voting. The aim of the research is to identify the first instance of a malicious notification of network traffic and its position within a ransomware procedure. This also enables ransomware activity to be identified at an early stage, before it takes effect. All experiments on the proposed framework use ransomware abnormal-traffic data. According to the experimental results, the proposed classifier outperforms other techniques in terms of accuracy and sensitivity scores.
How to Cite
Gomathi, S., & Anithakumari, K. (2025). Ransomware Detection from Abnormal Behavior Traffic Using The Ensemble Model. International Journal of Basic and Applied Sciences, 14(SI-1), 594-605. https://doi.org/10.14419/zk0xqn54
