Major Project
• Objective(s)
• Proposed Methodology
(Methodology will include the steps to be followed to complete the project during the project development,
Flowchart, Algorithm, etc.)
● Ransomware scans a system and disables or removes processes, services, and software that can help detect or recover from the attack, before beginning the encryption phase.
● Ransomware deletes system backups, recovery partitions, and shadow copies to prevent potential data recovery.
● After the above preparation steps, selected file systems containing business-critical data are encrypted.
● Finally, ransomware leaves a “ransom note” with the malicious attacker’s contact information so the victim can pay the ransom to release their data.
Since the rise of widespread Internet access, malicious software has been designed for profit, for example
through forced advertising. For instance, since 2003, the majority of widespread viruses and worms have been
designed to take control of users' computers for black-market exploitation. Another category of malware is
spyware: programs designed to monitor users' web browsing and steal private information. Spyware
programs do not spread like viruses; instead, they are installed by exploiting security holes or are packaged with
user-installed software, such as peer-to-peer applications.
Clearly, there is a very urgent need not just to find a suitable method to detect infected files, but to build a
smart engine that can detect new viruses by studying the structure of system calls made by malware.
2. Need for Machine Learning in Ransomware Detection: Traditional signature-based approaches in antivirus software rely on
known patterns and signatures of known ransomware strains. However, this approach is ineffective against zero-day attacks and
new variants that have not yet been identified and added to signature databases. Machine learning offers a promising solution by
enabling the detection of previously unseen and evolving ransomware strains based on learned patterns and behaviors.
3. Machine Learning in Ransomware Detection: Machine learning algorithms analyze large volumes of data to identify patterns
and make predictions or decisions.
Algorithms Used
1. Decision Tree:
The decision tree algorithm belongs to the family of supervised machine learning algorithms. It can be used for
both classification and regression problems.
The goal of this algorithm is to create a model that predicts the value of a target variable. To do so, the decision tree
uses a tree representation in which each leaf node corresponds to a class label and attributes are
represented on the internal nodes of the tree.
2. Logistic Regression:
Logistic regression is a data analysis technique that uses mathematics to find the relationships between two data factors.
It then uses this relationship to predict the value of one of those factors based on the other.
The prediction usually has a finite number of outcomes, like yes or no.
Logistic regression is an important technique in the field of artificial intelligence and machine learning (AI/ML).
3. SVM:
Support Vector Machine, or SVM, is one of the most popular supervised learning algorithms and is used
for classification as well as regression problems. However, it is primarily used for classification problems
in machine learning. The goal of the SVM algorithm is to create the best line or decision boundary that can
segregate n-dimensional space into classes so that we can easily put a new data point in the correct
category in the future. This best decision boundary is called a hyperplane.
4. GaussianNB:
The probabilistic classification algorithm Gaussian Naive Bayes (GNB) is founded on the Bayes
theorem. Given the class label, it is assumed that features follow a Gaussian distribution and are
conditionally independent. For continuous data, GNB is especially helpful. The algorithm calculates the
variance and mean of each feature for every class during training. During the prediction stage, it
determines which class an instance is most likely to belong to by calculating the probability of each
class. Text classification and spam filtering are just two of the many applications that can benefit from
GNB’s computational efficiency and ability to handle high-dimensional datasets.
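The training and prediction steps just described for Gaussian Naive Bayes, written out in plain Python as an added example that is not part of the original project. The three behaviour features and every training row are constructed for illustration, loosely following the attack stages listed in the methodology (stopped services, deleted backups, rewritten files).

```python
import math
from collections import defaultdict

# Constructed training rows (not real telemetry): per-process counts over one
# observation window -> [services_stopped, backup_deletions, files_rewritten]
TRAIN = [
    ([0, 0, 12], "benign"), ([1, 0, 30], "benign"), ([0, 0, 5], "benign"),
    ([2, 0, 45], "benign"), ([0, 1, 20], "benign"),
    ([9, 3, 900], "ransomware"), ([14, 2, 1500], "ransomware"),
    ([7, 4, 650], "ransomware"), ([11, 1, 1200], "ransomware"),
]
VAR_FLOOR = 1e-3  # added to every variance so a constant feature cannot divide by zero

def fit(rows):
    """Training: per class, the log prior plus mean and variance of each feature."""
    by_class = defaultdict(list)
    for features, label in rows:
        by_class[label].append(features)
    model = {}
    for label, samples in by_class.items():
        n = len(samples)
        cols = list(zip(*samples))          # one tuple per feature column
        means = [sum(col) / n for col in cols]
        variances = [sum((x - m) ** 2 for x in col) / n + VAR_FLOOR
                     for col, m in zip(cols, means)]
        model[label] = (math.log(n / len(rows)), means, variances)
    return model

def log_scores(model, features):
    """Prediction: log prior + sum of per-feature Gaussian log-likelihoods."""
    scores = {}
    for label, (log_prior, means, variances) in model.items():
        total = log_prior
        for x, m, v in zip(features, means, variances):
            total += -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
        scores[label] = total
    return scores

def predict(model, features):
    """Return the class with the highest log score for this feature vector."""
    scores = log_scores(model, features)
    return max(scores, key=scores.get)

MODEL = fit(TRAIN)

if __name__ == "__main__":
    for sample in ([1, 0, 25], [10, 3, 1100], [0, 0, 800]):
        print(sample, predict(MODEL, sample))
```

The third sample (many rewritten files, no stopped services or deleted backups) is still classified as ransomware, because the benign rows leave that class with a very narrow variance for file rewrites. A legitimate bulk-rewrite tool would therefore be a false positive unless such behaviour is represented in the benign training data.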