
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
XGBoost-Powered Ransomware Detection
Corresponding Author(s): Fauzi Adi Rafrastara
Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control,
Vol. 10, No. 4, November 2025
Abstract
Ransomware remains a rapidly evolving cyber threat, causing substantial financial and operational disruptions globally. Traditional signature-based detection systems are ineffective against sophisticated, zero-day attacks due to their static nature. Consequently, machine learning-based approaches offer a more effective and adaptive alternative. This study proposes an approach utilizing XGBoost for highly effective ransomware detection. We conducted a rigorous comparative analysis of prominent ensemble learning algorithms—XGBoost, Random Forest, Gradient Boosting, and AdaBoost—on the RISS Ransomware Dataset, comprising 1,524 instances. Our experimental results unequivocally demonstrate XGBoost as the superior ensemble model, achieving an impressive 97.60% accuracy and F1-Score. This performance surpassed Gradient Boosting (97.20%), Random Forest (96.94%), and AdaBoost (96.50%). Furthermore, this study benchmarked XGBoost against established state-of-the-art (SOTA) methods, including Support Vector Machine (SVM) and the SA-CNN-IS deep learning approach. The comprehensive results confirm that XGBoost not only excels among ensemble methods but also outperforms or matches these leading SOTA techniques, solidifying its position as an exceptionally effective and adaptive solution. These findings underscore the limitations of conventional security measures and emphasize the critical need for advanced, data-driven detection methods to combat the dynamic landscape of ransomware threats.