Dynamic Ransomware Classification: Leveraging Sandbox and Machine Learning

Authors

  • Augusto Parisot, Fluminense Federal University, https://orcid.org/0009-0001-6238-3604
  • Lucila Bento, State University of Rio de Janeiro
  • Raphael Machado, Federal Fluminense University

DOI:

https://doi.org/10.14209/jcis.2025.12

Keywords:

ransomware, detection attack, machine learning, sandbox

Abstract

The surge in ransomware attacks in recent years has elevated this malware to one of the foremost cybersecurity threats. This article presents a dynamic ransomware classification approach, leveraging the malware analysis environment provided by Cuckoo Sandbox and machine learning techniques. We introduce a methodology encompassing steps for malicious code sample collection, environment configuration for sample execution, data collection, and dataset construction for ransomware detection and experimentation. Six machine learning classifiers were employed to identify ransomware families and individual cases, furnishing valuable tools for threat detection. The results underscore the effectiveness of tree-based methods, such as Random Forests and Decision Trees, in distinguishing between different ransomware families.

Author Biographies

Augusto Parisot, Fluminense Federal University

Computer Science Institute, Federal Fluminense University, RJ, Brazil

Lucila Bento, State University of Rio de Janeiro

Institute of Mathematics and Statistics

Raphael Machado, Federal Fluminense University

Computer Science Institute, Federal Fluminense University, RJ, Brazil

Published

2025-12-19

How to Cite

Parisot, A., Bento, L., & Machado, R. (2025). Dynamic Ransomware Classification: Leveraging Sandbox and Machine Learning. Journal of Communication and Information Systems, 40(1), 102–114. https://doi.org/10.14209/jcis.2025.12

Section

Regular Papers
Received 2024-03-04
Accepted 2025-11-11
Published 2025-12-19