Ransomware Detection with a 2-Tier Machine Learning Approach Using a Novel Clustering Algorithm

Ransomware Detection with a 2-Tier Machine Learning Approach Using a Novel Clustering Algorithm | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Ransomware Detection with a 2-Tier Machine Learning Approach Using a Novel Clustering Algorithm Ruoming Zhang, Yuyan Liu This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4567706/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Ransomware poses a significant threat to cybersecurity, causing extensive financial and operational damage by encrypting critical data and demanding ransom for its release. The proposed novel two-tier machine learning approach significantly enhances ransomware detection through the integration of network and file system activities, providing a comprehensive view of system behaviors and improving detection accuracy. Initial clustering of network activities followed through by a refined analysis of file system data enables the identification of complex ransomware patterns. Extensive experimentation has demonstrated that this approach outperforms existing methods, achieving higher precision, recall, and overall accuracy while maintaining scalability and robustness. The research highlights the importance of leveraging diverse data sources and advanced machine learning techniques to create more resilient and effective cybersecurity defenses. The findings demonstrate the potential for practical applications in real-world scenarios, offering a significant advancement in the fight against ransomware and contributing to the protection of critical organizational assets. Computer Architecture and Engineering Ransomware Detection Machine Learning Network Data File System Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4567706","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":313414170,"identity":"37eec018-b985-4a82-a0cf-4c9af9b31fa7","order_by":0,"name":"Ruoming Zhang","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABFUlEQVRIiWNgGAWjYDACCRiDGYgZG5jlDMA8AwvitRgbgFkGEkRoYYBoSdwA1sKAW4v87OZnD7/uOSyn2857+HXhDuv07ez9Rzf8KJBg4G/vTsCmhXHOMXNjmWeHjc0O86VZzzyTnruz5zDbzR6gwyTOnN2ATQuzRIKZtMSBw4nbDvOYGfO2Hc7dcCOZ7QYPUIuBRC5WLWwS6d9QtKQbALXc/INHC49EjpnkB4gW48dALQkgLbfx2SIhkVMmzXAgHegXHjPmmW3phhvOHDa7LWMgwYPLL/Iz0rdJ/jhgLWd2/ozx58I2a3mD443Pbr75YyPH396LVQs4CHig/pJGcTIu5SDA+AOq9TM+VaNgFIyCUTByAQCP7mJO2gxgsQAAAABJRU5ErkJggg==","orcid":"https://orcid.org/0009-0000-1224-596X","institution":"","correspondingAuthor":true,"prefix":"","firstName":"Ruoming","middleName":"","lastName":"Zhang","suffix":""},{"id":313414171,"identity":"506f43e8-1e94-45b6-9e6f-46e1fa369828","order_by":1,"name":"Yuyan Liu","email":"","orcid":"https://orcid.org/0009-0004-4022-2887","institution":"","correspondingAuthor":false,"prefix":"","firstName":"Yuyan","middleName":"","lastName":"Liu","suffix":""}],"badges":[],"createdAt":"2024-06-12 05:42:51","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-4567706/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4567706/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":58247554,"identity":"908dede9-6a19-4cff-8770-5bbb1e51a738","added_by":"auto","created_at":"2024-06-13 02:39:00","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":176385,"visible":true,"origin":"","legend":"","description":"","filename":"els.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4567706/v1_covered_79e81865-d194-4502-bead-e9c932a5efd9.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eRansomware Detection with a 2-Tier Machine Learning Approach Using a Novel Clustering Algorithm\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Ransomware, Detection, Machine Learning, Network Data, File System","lastPublishedDoi":"10.21203/rs.3.rs-4567706/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4567706/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eRansomware poses a significant threat to cybersecurity, causing extensive financial and operational damage by encrypting critical data and demanding ransom for its release. The proposed novel two-tier machine learning approach significantly enhances ransomware detection through the integration of network and file system activities, providing a comprehensive view of system behaviors and improving detection accuracy. Initial clustering of network activities followed through by a refined analysis of file system data enables the identification of complex ransomware patterns. Extensive experimentation has demonstrated that this approach outperforms existing methods, achieving higher precision, recall, and overall accuracy while maintaining scalability and robustness. The research highlights the importance of leveraging diverse data sources and advanced machine learning techniques to create more resilient and effective cybersecurity defenses. The findings demonstrate the potential for practical applications in real-world scenarios, offering a significant advancement in the fight against ransomware and contributing to the protection of critical organizational assets.\u003c/p\u003e","manuscriptTitle":"Ransomware Detection with a 2-Tier Machine Learning Approach Using a Novel Clustering Algorithm","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-06-13 02:30:54","doi":"10.21203/rs.3.rs-4567706/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"1f92801c-0836-4f75-8d2d-1b24301c1ed1","owner":[],"postedDate":"June 13th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":33136204,"name":"Computer Architecture and Engineering"}],"tags":[],"updatedAt":"2024-06-13T02:30:54+00:00","versionOfRecord":[],"versionCreatedAt":"2024-06-13 02:30:54","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-4567706","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4567706","identity":"rs-4567706","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}