TY - JOUR
T1 - AI-based ransomware detection
T2 - A comprehensive review
AU - Ferdous, Jannatul
AU - Islam, Rafiqul
AU - Mahboubi, Arash
AU - Islam, Md Zahid
PY - 2024/9
Y1 - 2024/9
N2 - Ransomware attacks are becoming increasingly sophisticated, thereby rendering conventional detection methods less effective. Recognizing this challenge, this study reviews advanced detection mechanisms and explores the potential of artificial intelligence (AI) techniques to improve detection capabilities. This study reviews the recent literature, including journal articles, conference proceedings, and online resources since 2017, to offer insights into the current state of AI-based ransomware detection and suggests future research directions. This study contributes significantly to the development of a systematic evaluation framework that evaluates each component of the AI-based detection model framework using specific criteria and methodologies and analyzes how various AI algorithms respond to different ransomware attacks, thereby providing insights for more effective and robust detection methods. This review begins with an overview of AI and ransomware, and discusses various types of ransomware attacks, the process of an attack chain, and emerging trends. We then review the existing literature on the core components of AI-based ransomware detection models, including the datasets and challenges arising during data collection, data pre-processing, feature engineering techniques, model training, and performance evaluation for effective model training. This study assessed the detection performance of AI models using metrics such as accuracy, precision, recall, and F1-score. By synthesizing these findings, we identify gaps in the current research and suggest future directions for enhancing AI-based ransomware detection techniques. The insights provided aim to guide researchers and practitioners in developing more robust methods for detecting and mitigating ransomware attacks by using AI.
UR - http://www.scopus.com/inward/record.url?scp=85204523048&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85204523048&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3461965
DO - 10.1109/ACCESS.2024.3461965
M3 - Article
SN - 2169-3536
VL - 12
SP - 136666
EP - 136695
JO - IEEE Access
JF - IEEE Access
ER -