A fine-tuning of decision tree classifier for ransomware detection based on memory data

Ransomware has evolved into a pervasive and extremely disruptive cybersecurity threat, causing
substantial operational and financial damage to individuals and businesses. This article explores
the critical domain of Ransomware detection and employs Machine Learning (ML) classifiers,
particularly Decision Tree (DT), for Ransomware detection. The article also delves into the usefulness of DT in identifying Ransomware attacks, leveraging the innate ability of DT to recognize
complex patterns within datasets. Instead of merely introducing DT as a detection method, we
adopt a comprehensive approach, emphasizing the importance of fine-tuning DT hyperparameters. The optimization of these parameters is essential for maximizing the DT capability to identify
Ransomware threats accurately. The obfuscated-MalMem2022 dataset, which is well-known for
its extensive and challenging Ransomware-related data, was utilized to evaluate the effectiveness
of DT in detecting Ransomware. The implementation uses the versatile Python programming language, renowned for its efficiency and adaptability in data analysis and ML tasks. Notably, the
DT classifier consistently outperforms other classifiers in Ransomware detection, including KNearest Neighbors, Gradient Boosting Tree, Naive Bayes, and Linear Support Vector Classifier.
For instance, the DT demonstrated exceptional effectiveness in distinguishing