Issue

Vol. 10, No. 4, November 2025

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

XGBoost-Powered Ransomware Detection: A Gradient-Based Machine Learning Approach for Robust Performance

https://doi.org/10.22219/kinetik.v10i4.2405
Wildanil Ghozi
Universitas Dian Nuswantoro
Heru Lestiawan
Universitas Dian Nuswantoro
Ramadhan Rakhmat Sani
Universitas Dian Nuswantoro
Jassim Nadheer Hussein
Alfa University College
Fauzi Adi Rafrastara
Universitas Dian Nuswantoro

Corresponding Author(s) : Fauzi Adi Rafrastara

fauziadi@dsn.dinus.ac.id

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 10, No. 4, November 2025

Abstract

Ransomware remains a rapidly evolving cyber threat, causing substantial financial and operational disruptions globally. Traditional signature-based detection systems are ineffective against sophisticated, zero-day attacks due to their static nature. Consequently, machine learning-based approaches offer a more effective and adaptive alternative. This study proposes an approach utilizing XGBoost for highly effective ransomware detection. We conducted a rigorous comparative analysis of prominent ensemble learning algorithms—XGBoost, Random Forest, Gradient Boosting, and AdaBoost—on the RISS Ransomware Dataset, comprising 1,524 instances. Our experimental results unequivocally demonstrate XGBoost as the superior ensemble model, achieving an impressive 97.60% accuracy and F1-Score. This performance surpassed Gradient Boosting (97.20%), Random Forest (96.94%), and AdaBoost (96.50%). Furthermore, this study benchmarked XGBoost against established state-of-the-art (SOTA) methods, including Support Vector Machine (SVM) and the SA-CNN-IS deep learning approach. The comprehensive results underscore the core contribution of this study: by applying XGBoost with a carefully structured machine learning pipeline, our approach consistently outperforms two state-of-the-art methods (SVM and SA-CNN-IS) as well as other ensemble algorithms. This highlights the critical role of methodological precision in maximizing detection performance against evolving ransomware threats.

Keywords

Ransomware Machine Learning XGBoost Ensemble Learning Classification
Ghozi, W., Lestiawan, H., Sani, R. R., Hussein, J. N., & Rafrastara, F. A. (2025). XGBoost-Powered Ransomware Detection: A Gradient-Based Machine Learning Approach for Robust Performance. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 10(4). https://doi.org/10.22219/kinetik.v10i4.2405
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX
References
  1. F. A. Rafrastara, C. Supriyanto, C. Paramita, Y. P. Astuti, and F. Ahmed, “Performance Improvement of Random Forest Algorithm for Malware Detection on Imbalanced Dataset using Random Under-Sampling Method,” JPIT, vol. 8, no. 2, pp. 113–118, 2023. https://doi.org/10.30591/jpit.v8i2.5207
  2. F. A. Rafrastara, C. Supriyanto, C. Paramita, and Y. P. Astuti, “Deteksi Malware menggunakan Metode Stacking berbasis Ensemble,” JPIT, vol. 8, no. 1, pp. 11–16, 2023. https://doi.org/10.30591/jpit.v8i1.4606
  3. S. Singh, T. Khanna, and D. K. Verma, “Enhanced Ransomware Classification with a Hybrid RF-SVM Framework Using PCA and RFE,” 2025. https://doi.org/10.1109/ICPCT64145.2025.10940253
  4. U. Urooj, B. A. S. Al-rimy, A. Zainal, F. A. Ghaleb, and M. A. Rassam, “Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions,” Applied Sciences, vol. 12, no. 1, p. 172, Dec. 2021. http://doi.org/10.3390/app12010172
  5. Md. A. Hossain, T. Hasan, F. Ahmed, S. H. Cheragee, M. H. Kanchan, and M. A. Haque, “Towards superior android ransomware detection: An ensemble machine learning perspective,” Cyber Security and Applications, vol. 3, p. 100076, Dec. 2025. http://doi.org/10.1016/j.csa.2024.100076
  6. Er. Kritika, “A comprehensive literature review on ransomware detection using deep learning,” Cyber Security and Applications, vol. 3, p. 100078, Dec. 2025. http://doi.org/10.1016/j.csa.2024.100078
  7. V. Anand, S. K. G, S. K. K, and S. C, “Enhancing Ransomware Detection - A Comparative Review of XGBoost, Random Forest, and Neural Network Approaches,” in 2025 International Conference on Emerging Systems and Intelligent Computing (ESIC), Bhubaneswar, India: IEEE, Feb. 2025, pp. 710–715. http://doi.org/10.1109/ESIC64052.2025.10962609
  8. A. Kapoor, A. Gupta, R. Gupta, S. Tanwar, G. Sharma, and I. E. Davidson, “Ransomware Detection, Avoidance, and Mitigation Scheme: A Review and Future Directions,” Sustainability, vol. 14, no. 1, p. 8, Dec. 2021. http://doi.org/10.3390/su14010008
  9. U. Urooj, B. A. S. Al-Rimy, A. B. Zainal, F. Saeed, A. Abdelmaboud, and W. Nagmeldin, “Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks,” IEEE Access, vol. 12, pp. 3910–3925, 2024. http://doi.org/10.1109/ACCESS.2023.3348451
  10. G. Murray, M. Falkeling, and S. Gao, “Trends and challenges in research into the human aspects of ransomware: a systematic mapping study,” ICS, Jul. 2024. http://doi.org/10.1108/ICS-12-2022-0195
  11. G. Munoz Cornejo, J. Lee, and B. A. Russell, “A thematic analysis of ransomware incidents among United States hospitals, 2016–2022,” Health Technol., vol. 14, no. 6, pp. 1059–1070, Nov. 2024. https://doi.org/10.1007/s12553-024-00890-3
  12. M. Robles-Carrillo and P. García-Teodoro, “Ransomware: An Interdisciplinary Technical and Legal Approach,” Security and Communication Networks, vol. 2022, pp. 1–17, Aug. 2022. http://doi.org/10.1155/2022/2806605
  13. G. Kirubavathi, W. Regis Anne, and U. K. Sridevi, “A recent review of ransomware attacks on healthcare industries,” Int J Syst Assur Eng Manag, vol. 15, no. 11, pp. 5078–5096, Nov. 2024. http://doi.org/10.1007/s13198-024-02496-4
  14. H. Oz, A. Aris, A. Levi, and A. S. Uluagac, “A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions,” ACM Comput. Surv., vol. 54, no. 11s, pp. 1–37, Jan. 2022. http://doi.org/10.1145/3514229
  15. S. Jawad and H. M. Ahmed, “Machine Learning Approaches to Ransomware Detection: A Comprehensive Review,” IJSSE, vol. 14, no. 6, pp. 1963–1973, Dec. 2024. https://doi.org/10.18280/ijsse.140630
  16. M. S. Abbasi, H. Al-Sahaf, and I. Welch, “Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification,” in Applications of Evolutionary Computation, vol. 12104, P. A. Castillo, J. L. Jiménez Laredo, and F. Fernández De Vega, Eds., in Lecture Notes in Computer Science, vol. 12104. , Cham: Springer International Publishing, 2020, pp. 181–196. http://doi.org/10.1007/978-3-030-43722-0_12
  17. B. A. S. Al-rimy, M. A. Maarof, and S. Z. M. Shaid, “Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions,” Computers & Security, vol. 74, pp. 144–166, May 2018. http://doi.org/10.1016/j.cose.2018.01.001
  18. M. S. Balamurugan, V. Rajendran, and S. C. Mary, “A Review on Cognitive Based Ransomware Detection using Machine Learning and Deep Learning Techniques,” JATIT, vol. 102, no. 10, pp. 4572–4581, May 2024.
  19. A. Alqahtani and F. T. Sheldon, “A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook,” Sensors, vol. 22, no. 5, p. 1837, Feb. 2022. http://doi.org/10.3390/s22051837
  20. F. A. Rafrastara et al., “Integrating Information Gain and Chi-Square for Enhanced Malware Detection Performance,” JICT, vol. 24, no. 1, pp. 80–104, Jan. 2025. http://doi.org/10.32890/jict2025.24.1.4
  21. R. R. Sani, F. A. Rafrastara, and W. Ghozi, “Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic Features,” KINETIK, Jan. 2025. http://doi.org/10.22219/kinetik.v10i1.2051
  22. A. Hussain, A. Saadia, M. Alhussein, A. Gul, and K. Aurangzeb, “Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats,” PeerJ Computer Science, vol. 10, p. e2546, Nov. 2024. http://doi.org/10.7717/peerj-cs.2546
  23. Y. A. Ahmed, B. Koçer, S. Huda, B. A. Saleh Al-rimy, and M. M. Hassan, “A system call refinement-based enhanced Minimum Redundancy Maximum Relevance method for ransomware early detection,” Journal of Network and Computer Applications, vol. 167, p. 102753, Oct. 2020. http://doi.org/10.1016/j.jnca.2020.102753
  24. M. Al-Hawawreh, M. Alazab, M. A. Ferrag, and M. S. Hossain, “Securing the Industrial Internet of Things against ransomware attacks: A comprehensive analysis of the emerging threat landscape and detection mechanisms,” Journal of Network and Computer Applications, vol. 223, p. 103809, Mar. 2024. http://doi.org/10.1016/j.jnca.2023.103809
  25. J. Hernandez-Castro, A. Cartwright, and E. Cartwright, “An economic analysis of ransomware and its welfare consequences,” R. Soc. open sci., vol. 7, no. 3, p. 190023, Mar. 2020. http://doi.org/10.1098/rsos.190023
  26. M. Hansel and J. Silomon, “Ransomware as a threat to peace and security: understanding and avoiding political worst-case scenarios,” Journal of Cyber Policy, vol. 9, no. 2, pp. 159–178, May 2024. http://doi.org/10.1080/23738871.2024.2357092
  27. C. F. Azubuike, O. I. Akinwumi, and E. O. Ezeamu, “Assessing the Global Economic Impact of Ransomeware Attacks and Strategic Global Response,” Nnamdi Azikiwe Journal of Political Science (NAJOPS), vol. 9, no. 4, pp. 1–17, 2024.
  28. M. S. Abbasi, “Automating Behavior-based Ransomware Analysis, Detection, and Classification Using Machine Learning,” Open Access Te Herenga Waka-Victoria University of Wellington, 2023. http://doi.org/10.26686/wgtn.22180858
  29. A. Alraizza and A. Algarni, “Ransomware Detection Using Machine Learning: A Survey,” BDCC, vol. 7, no. 3, p. 143, Aug. 2023. http://doi.org/10.3390/bdcc7030143
  30. W. Z. A. Zakaria, M. F. Abdollah, O. Mohd, S. M. W. M. S. M. M. Yassin, and A. Ariffin, “RENTAKA: A Novel Machine Learning Framework for Crypto-Ransomware Pre-encryption Detection,” IJACSA, vol. 13, no. 5, 2022. http://doi.org/10.14569/IJACSA.2022.0130545
  31. M. Cen, X. Deng, F. Jiang, and R. Doss, “Zero-Ran Sniff: A zero-day ransomware early detection method based on zero-shot learning,” Computers & Security, vol. 142, p. 103849, Jul. 2024. http://doi.org/10.1016/j.cose.2024.103849
  32. Imperial College London, “RISS: Resilient Information Systems Security,” Ransomware Dataset.
  33. D. Sgandurra, L. Muñoz-González, R. Mohsen, and E. C. Lupu, “Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection,” Sep. 10, 2016, arXiv: arXiv:1609.03020. Accessed: May 14, 2023. https://doi.org/10.48550/arXiv.1609.03020
  34. R. R. Sani, F. A. Rafrastara, and W. Ghozi, “Integrating Ensemble Learning and Information Gain for Malware Detection based on Static and Dynamic Features,” KINETIK, Jan. 2025. https://doi.org/10.22219/kinetik.v10i1.2051
  35. M. Ibadullah, S. A. Amalina, W. Ghozi, and F. A. Rafrastara, “Machine Learning-based Malware Detection on Android Operating System using AdaBoost Algorithm and ReliefF Feature Selection Method,” in 2024 International Seminar on Application for Technology of Information and Communication (iSemantic), Semarang, Indonesia: IEEE, Sep. 2024, pp. 359–364. http://doi.org/10.1109/iSemantic63362.2024.10762096
  36. W. Shan, D. Li, S. Liu, M. Song, S. Xiao, and H. Zhang, “A random feature mapping method based on the AdaBoost algorithm and results fusion for enhancing classification performance,” Expert Systems with Applications, vol. 256, p. 124902, Dec. 2024. http://doi.org/10.1016/j.eswa.2024.124902
  37. A. Sharma, H. Babbar, and A. K. Vats, “Enhanced Ransomware Detection Using Gradient Boosting Algorithms: A Cybersecurity Dataset Approach,” in 2024 5th IEEE Global Conference for Advancement in Technology (GCAT), Bangalore, India: IEEE, Oct. 2024, pp. 1–5. http://doi.org/10.1109/GCAT62922.2024.10923841
  38. A. Sharma and H. Babbar, “Implementing Gradient Boosting Techniques for Real-Time Attack Detection in Vehicular Networks,” in Proc. - Int. Conf. Technol. Adv. Comput. Sci., ICTACS, Chaudhary N., Ed., Institute of Electrical and Electronics Engineers Inc., 2024, pp. 213–218. http://doi.org/10.1109/ICTACS62700.2024.10840804
  39. J. Wu and C. Li, “Illustrating the nonlinear effects of urban form factors on transportation carbon emissions based on gradient boosting decision trees,” Science of The Total Environment, vol. 929, p. 172547, Jun. 2024. http://doi.org/10.1016/j.scitotenv.2024.172547
  40. A. Ramadhani, F. A. Rafrastara, S. Rosyada, W. Ghozi, and W. M. Osman, “Improving Malware Detection using Information Gain and Ensemble Machine Learning,” J. Tek. Inform. (JUTIF), vol. 5, no. 6, pp. 1673–1686, Dec. 2024. http://doi.org/10.52436/1.jutif.2024.5.6.3903
Read More
Author biographies is not available.
Download this PDF file
PDF
Statistic
Read Counter : 0 Download : 0

Downloads

Download data is not yet available.