IEEE Access (Jan 2024)
MIRAD: A Method for Interpretable Ransomware Attack Detection
Abstract
In the face of escalating crypto-ransomware attacks, we introduce MIRAD, a novel dynamic detection method. MIRAD uses machine learning to continuously monitor API calls and registry entries, detecting ransomware at every stage of an infection without degrading system performance. What sets MIRAD apart is its strong focus on interpretability. This property allows quick, informed adaptation to a dynamically changing threat landscape and lets analysts find and remove the errors and biases that remain hidden in black-box models. In preliminary tests on data generated in a simulated user environment, our method achieves a high ROC AUC, outperforming standard interpretable models such as Gaussian Naive Bayes, KNN, and Decision Trees. Importantly, MIRAD achieves a low false positive rate, addressing a common weakness of dynamic ransomware detection. Our contributions also include a Python library for easy implementation of MIRAD and a comprehensive, publicly available ransomware detection dataset, facilitating broader research and implementation in ransomware defense.
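The following is an added illustration, not code from the MIRAD paper or its Python library. It shows, on constructed per-process API-call counts, what an interpretable dynamic scorer looks like in practice: a logistic model whose per-feature contributions are the explanation of each verdict, together with the rank-based ROC AUC and false-positive-rate computations used to evaluate such a detector. The feature names (CryptEncrypt, WriteFile, DeleteFile, MoveFileEx, RegSetValueEx, CreateProcess), the sample counts and the model are assumptions made for this example; it also shows why a write-volume-only heuristic yields false positives on backup and installer workloads, the failure mode the abstract singles out.

```python
"""Interpretable dynamic ransomware scoring over API-call counts.

Added example, not MIRAD's code. Feature names, sample counts and the
logistic model are constructed assumptions for illustration only.
"""
import math
from typing import Dict, List, Sequence, Tuple

FEATURES = ["CryptEncrypt", "WriteFile", "DeleteFile", "MoveFileEx",
            "RegSetValueEx", "CreateProcess"]

# Constructed per-process API-call counts; label 1 = ransomware, 0 = benign.
SAMPLES: List[Tuple[Dict[str, int], int]] = [
    ({"CryptEncrypt": 400, "WriteFile": 380, "DeleteFile": 370, "MoveFileEx": 20, "RegSetValueEx": 5, "CreateProcess": 1}, 1),
    ({"CryptEncrypt": 150, "WriteFile": 160, "DeleteFile": 140, "MoveFileEx": 150, "RegSetValueEx": 8, "CreateProcess": 2}, 1),
    ({"CryptEncrypt": 900, "WriteFile": 850, "DeleteFile": 0, "MoveFileEx": 880, "RegSetValueEx": 3, "CreateProcess": 1}, 1),
    ({"CryptEncrypt": 60, "WriteFile": 70, "DeleteFile": 65, "MoveFileEx": 0, "RegSetValueEx": 12, "CreateProcess": 4}, 1),
    ({"CryptEncrypt": 0, "WriteFile": 12, "DeleteFile": 1, "MoveFileEx": 2, "RegSetValueEx": 3, "CreateProcess": 0}, 0),      # text editor
    ({"CryptEncrypt": 0, "WriteFile": 600, "DeleteFile": 40, "MoveFileEx": 30, "RegSetValueEx": 90, "CreateProcess": 6}, 0),  # installer
    ({"CryptEncrypt": 0, "WriteFile": 900, "DeleteFile": 0, "MoveFileEx": 0, "RegSetValueEx": 1, "CreateProcess": 0}, 0),     # backup tool
    ({"CryptEncrypt": 2, "WriteFile": 150, "DeleteFile": 30, "MoveFileEx": 10, "RegSetValueEx": 20, "CreateProcess": 8}, 0),  # browser
    ({"CryptEncrypt": 0, "WriteFile": 200, "DeleteFile": 300, "MoveFileEx": 50, "RegSetValueEx": 0, "CreateProcess": 40}, 0), # build tool
]
LABELS = [y for _, y in SAMPLES]


def roc_auc(scores: Sequence[float], labels: Sequence[int]) -> float:
    """Rank-based AUC: share of (positive, negative) pairs the score orders correctly; ties count half."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    hits = 0.0
    for p in pos:
        for n in neg:
            hits += 1.0 if p > n else 0.5 if p == n else 0.0
    return hits / (len(pos) * len(neg))


def false_positive_rate(scores: Sequence[float], labels: Sequence[int], threshold: float) -> float:
    """Fraction of benign samples the detector would alert on at this threshold."""
    neg = [s for s, y in zip(scores, labels) if y == 0]
    return sum(1 for s in neg if s >= threshold) / len(neg)


def single_feature_auc(feature: str) -> float:
    """AUC of a naive heuristic that ranks processes by one call count alone."""
    return roc_auc([math.log1p(x[feature]) for x, _ in SAMPLES], LABELS)


class LinearDetector:
    """Logistic regression on standardised log1p(counts). Each weight times each
    standardised feature is an additive term of the logit, so the model's reason
    for a verdict is readable directly from its parameters (hypothetical model)."""

    def __init__(self, features: Sequence[str]) -> None:
        self.features = list(features)
        self.mean = {f: 0.0 for f in self.features}
        self.std = {f: 1.0 for f in self.features}
        self.w = {f: 0.0 for f in self.features}
        self.b = 0.0

    def _z(self, counts: Dict[str, int]) -> Dict[str, float]:
        return {f: (math.log1p(counts[f]) - self.mean[f]) / self.std[f] for f in self.features}

    def _logit(self, z: Dict[str, float]) -> float:
        return self.b + sum(self.w[f] * z[f] for f in self.features)

    def score(self, counts: Dict[str, int]) -> float:
        """Probability-like ransomware score in (0, 1)."""
        return 1.0 / (1.0 + math.exp(-self._logit(self._z(counts))))

    def fit(self, samples, lr: float = 0.3, epochs: int = 1000, l2: float = 0.01) -> "LinearDetector":
        """Full-batch gradient descent on L2-regularised log loss (features standardised first)."""
        n = len(samples)
        for f in self.features:
            col = [math.log1p(x[f]) for x, _ in samples]
            self.mean[f] = sum(col) / n
            self.std[f] = math.sqrt(sum((v - self.mean[f]) ** 2 for v in col) / n) or 1.0
        zs = [(self._z(x), y) for x, y in samples]
        for _ in range(epochs):
            grad_w = {f: l2 * self.w[f] for f in self.features}
            grad_b = 0.0
            for z, y in zs:
                err = 1.0 / (1.0 + math.exp(-self._logit(z))) - y
                grad_b += err / n
                for f in self.features:
                    grad_w[f] += err * z[f] / n
            self.b -= lr * grad_b
            for f in self.features:
                self.w[f] -= lr * grad_w[f]
        return self

    def explain(self, counts: Dict[str, int]) -> List[Tuple[str, float]]:
        """Per-feature contribution to the logit, largest first."""
        z = self._z(counts)
        return sorted(((f, self.w[f] * z[f]) for f in self.features), key=lambda t: t[1], reverse=True)


def train_detector() -> LinearDetector:
    return LinearDetector(FEATURES).fit(SAMPLES)


if __name__ == "__main__":
    model = train_detector()
    scores = [model.score(x) for x, _ in SAMPLES]
    print("model AUC:", roc_auc(scores, LABELS), "FPR@0.5:", false_positive_rate(scores, LABELS, 0.5))
    print("write-count-only heuristic AUC:", single_feature_auc("WriteFile"))
    for name, contrib in model.explain(SAMPLES[0][0])[:3]:
        print(f"  {name:14s} {contrib:+.2f}")
```

The write-count-only heuristic scores an AUC of 0.5 on this constructed set because backup tools and installers write as much as the ransomware samples; the trained model ranks every ransomware sample above every benign one, and `explain()` shows that the verdict rests on encryption calls rather than on write volume, which is exactly the kind of check an analyst needs before trusting or tuning a detector.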
Keywords