AI-Based Ransomware Detection: A Comprehensive Review

Abstract

Read online

Ransomware attacks are becoming increasingly sophisticated, thereby rendering conventional detection methods less effective. Recognizing this challenge, this study reviews advanced detection mechanisms and explores the potential of artificial intelligence (AI) techniques to improve detection capabilities. This study reviews the recent literature, including journal articles, conference proceedings, and online resources since 2017, to offer insights into the current state of AI-based ransomware detection and suggests future research directions. This study contributes significantly to the development of a systematic evaluation framework that evaluates each component of the AI-based detection model framework using specific criteria and methodologies and analyzes how various AI algorithms respond to different ransomware attacks, thereby providing insights for more effective and robust detection methods. This review begins with an overview of AI and ransomware, and discusses various types of ransomware attacks, the process of an attack chain, and emerging trends. We then review the existing literature on the core components of AI-based ransomware detection models, including the datasets and challenges arising during data collection, data pre-processing, feature engineering techniques, model training, and performance evaluation for effective model training. This study assessed the detection performance of AI models using metrics such as accuracy, precision, recall, and F1-score. By synthesizing these findings, we identify gaps in the current research and suggest future directions for enhancing AI-based ransomware detection techniques. The insights provided aim to guide researchers and practitioners in developing more robust methods for detecting and mitigating ransomware attacks by using AI.

Keywords

• Artificial intelligence
• cyberattack
• deep learning
• feature engineering
• machine learning
• ransomware attack