In the face of escalating crypto-ransomware attacks, which encrypt user data for ransom, our study introduces a significant advancement in dynamic ransomware detection. We develop an innovative machine learning model capable of identifying ransomware activity. This model is uniquely trained in a simulated user environment, enhancing detection accuracy under realistic conditions and addressing the imbalances typical of ransomware datasets.
A notable aspect of our approach is the emphasis on interpretability. We employ a simplified version of Generalized Additive Models (GAMs), ensuring clarity in how individual features influence predictions. This is crucial for minimizing false positives, a common challenge in dynamic detection methods. Our contributions to the field include a Python library for easy application of our detection method, and a comprehensive, publicly available ransomware detection dataset. These resources aim to facilitate broader research and implementation in ransomware defense.