Scientific Programming

Research Article

Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls

Table 1

Summary of the literature on RW detection and classification with findings.


Ref	Dataset	Techniques	Accuracy (%)	Pros	Cons

[16]	VirusTotal	Decision tree + RF + Bayes network	97.1	The well-organized flow of the research. The results are compared with 7 algorithms.	Few families of RW used in experiments.
[17]	VirusTotal	RNNs	96	Recurrent neural network used with convolutional layers.	Training an RNN is a very difficult testing.
[18]	VirusTotal	Decision tree + RF + k-nearest neighbour (K-NN) + naive Bayes	97.3	Performs well on large datasets.	Decision trees are prone to overfitting.
[19]	Malware-traffic analysis .net	RF + (J48)	93	RF performs sound with both continuous variables categorical data.	RF needs much more time to train.
[4]	VirusTotal	RF + J48 + logistic regression + naive Bayes	97	Involves a small amount of training data for classification	Assumption class conditional independence.
[20]	VirusShark	RF + J48	99.5	RF can be used to solve both classifications as well as regression problems.	RF is complex and much computational resources involved.
[21]	VirusShare	RF + hidden Markov models	98.4	Strong statistical foundation.	HMM often have a large number of unstructured parameters.
[22]	VirusShark	Regularized logistic regression + SVM + naive Bayes	96.3	Give good results even semistructured and unstructured data like images, text, and trees.	Difficult to understand variable weights and individual impact.
[23]	VirusTotal and VirusShare	RF + decision tree	97.95	Random forest is usually robust to the outliers.	Need to choose the number of trees.
[24]	VirusTotal	SVM	97.48	SVM compared with ANN. SVMs give better results.	Long training time for large datasets.
[25]	VirusTotal	ANN + SVM	97.8	Store information on the whole network.	ANN requires processors with parallel processing power.
[26]	Malware-traffic analysis .net	Deep neural network, 7 layers	93.92	Creates new tasks to reduce the human intervention.	They cannot make decisions beyond what the machines have been fed.