Once each of the above indicators has been tested individually, the idea is to
put the whole test directory through all 4 indicators and record their
observations. A sample data set containing all 4 indicators and their
respective outputs was then recorded.
A convention of +1 if the indicator is triggered and -1 if it is not triggered
was used, and the data set was passed through a popular machine learning
technique called decision trees. The basic version of the ID3 classification
algorithm was deployed, which generates a decision tree from a fixed set of
training instances.
In the initial illustrations, we took it as a Yes if more than 2 indicators
were triggered and a No in case of 2 or fewer indicators. The resulting tree is
used to classify future samples. The illustration has several attributes that
belong to either 1 or 2. A leaf node bears the name of a particular class,
whereas a non-leaf node is a decision node.
This algorithm could easily help us decide whether a received file is harmful
or harmless.
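
The following Python code is an added example, not the authors' implementation: it builds a training set from all 16 combinations of four +1/-1 indicator outputs, labels each with the more-than-2-triggered rule described above, grows an ID3 tree by information gain, and classifies samples with it. The names indicator_1 to indicator_4 are placeholders, since this section does not name the indicators.

```python
import math
from collections import Counter
from itertools import product

# Placeholder names: the four indicators are not named in this section.
FEATURES = ["indicator_1", "indicator_2", "indicator_3", "indicator_4"]

def label(sample):
    """Labelling rule from the text: Yes if more than 2 indicators are +1."""
    return "Yes" if sum(1 for v in sample if v == 1) > 2 else "No"

def entropy(rows):
    counts = Counter(lbl for _, lbl in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def info_gain(rows, idx):
    """Entropy reduction from splitting rows on feature idx (+1 vs -1)."""
    remainder = 0.0
    for value in (1, -1):
        subset = [r for r in rows if r[0][idx] == value]
        if subset:
            remainder += len(subset) / len(rows) * entropy(subset)
    return entropy(rows) - remainder

def id3(rows, remaining):
    """Return a leaf (class name) or a decision node (feature_idx, branches)."""
    labels = {lbl for _, lbl in rows}
    if len(labels) == 1:                      # pure subset: leaf node
        return labels.pop()
    majority = Counter(lbl for _, lbl in rows).most_common(1)[0][0]
    if not remaining:                         # no attributes left to split on
        return majority
    best = max(remaining, key=lambda i: info_gain(rows, i))
    rest = [i for i in remaining if i != best]
    branches = {}
    for value in (1, -1):
        subset = [r for r in rows if r[0][best] == value]
        branches[value] = id3(subset, rest) if subset else majority
    return (best, branches)

def classify(tree, sample):
    """Walk decision nodes until a leaf (class name) is reached."""
    while isinstance(tree, tuple):
        idx, branches = tree
        tree = branches[sample[idx]]
    return tree

# Constructed training set: every combination of the four +1/-1 outputs.
TRAINING = [(s, label(s)) for s in product((1, -1), repeat=4)]
TREE = id3(TRAINING, list(range(len(FEATURES))))
```
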
Scope of Improvement
It is important to realize here that safeguarding and securing information
from any type of malware, particularly ransomware, means always putting in
continuous effort and updating the mechanisms as and when any vulnerability is
found in the existing techniques. There is always a possibility of evasion of
these indicators, which would result in most of the malicious activities being
marked safe, thereby letting them slip through our
On carefully analyzing our work, we
expect the following things to be embedded in our future versions:
• To also include mechanisms that would protect data privacy before data even
enters the system, i.e., analyzing network data and deploying robust search
tools like Elasticsearch over the network.
• To be able to work on more unstructured data, as most forms of malware that
peek into a computer system come with different forms of text and media.
• To improve the dynamic aspect of this mechanism, which would access, detect
and delete the harmful content.
• And of course, to make it work even faster and with accurate results, which
means reduced false positives.