Majority Voting Ransomware Detection System

Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions the ever-changing dynamic landscape of ransomware detection. In majority cases, these described propose method based on result single test performed either executable code, process under investigation, its behaviour, or output. small subset systems, concept scorecard is employed where multiple tests are various aspects investigation their results then analysed using machine learning. The purpose this paper new voting approach by developing that uses cumulative score derived from discrete calculations algorithmic rather than heuristic techniques. describes 23 candidate tests, well 9 Windows API which validated determine both accuracy viability for use within system. Using calculation has several benefits, such immunity occasional inaccuracy individual when final classification. system can also leverage be comprehensive complimentary in an attempt achieve broader, deeper, more robust analysis program investigation. Additionally, collaborative significantly hinders masking modifying behaviour bypass achieved research demonstrate many high degree differentiating between benign malicious targets suggestions offered how combinations could adapted further improve accuracy.