Journal of Theoretical and Applied Information Technology

RANSOMWARE DETECTION USING CLASSIFICATION METHOD AGAINST REGISTRY DATA


Abstract

An intrusion detection system (IDS) is used to detect numerous kinds of malware attacks, and researchers have introduced many classification methods to detect malware behavior. However, even though various classification methods have been proposed, the detection of malware behavior remains a challenging task because detection methods focus more on traffic data classification. Consequently, there is a lack of classification approaches employed to classify Windows Registry data for malware detection. Such a situation could cause more damage if the ransomware activity is intended to affect the registry besides traffic. Hence, the objective of this paper is to study malware behavior that targets the registry, analyze a series of machine learning algorithms, and identify the most accurate algorithm for the detection of malware. Thus, this paper proposes a framework for ransomware detection that uses registry data as features through a number of machine learning algorithms. Based on the literature reviewed, Support Vector Machine, Decision Tree, Random Forest, Jrip, and Naïve are widely applied as classification methods for malware detection. The experiments have been carried out with the algorithms mentioned above against registry data that has been affected by ransomware. The algorithm is capable of classifying registry data to detect ransomware activity precisely. The main contribution of this research illustrates that registry data can be examined via the proposed framework, "Malware Registry Detection Framework (MRDF)", specifically for malware detection. The findings of this experiment are the capability of the proposed method to identify ransomware activity and to classify which machine learning algorithm comes with the highest detection rate.
