Systematic Evaluation Framework for ML and DL-Based Ransomware Detection
Cybercriminals have increasingly leveraged sophisticated techniques to bypass traditional signature-based detection systems, including Ransomware-as-a-Service (RaaS) platforms, double and triple extortion strategies, and advanced evasion mechanisms. As a result, ransomware attacks have reached unprecedented levels. Using this systematic evaluation framework, we examine the current state and effectiveness of machine learning (ML) and deep learning (DL) approaches for ransomware detection, address critical gaps in existing research methodologies, and provide comprehensive recommendations for future research. The study analyses multiple AI paradigms, including supervised learning algorithms such as Random Forests and Support Vector Machines, unsupervised techniques such as clustering and anomaly detection, and deep learning architectures such as Convolutional Neural Networks and Long Short-Term Memory networks. Hybrid approaches combining static and dynamic analysis consistently achieve superior performance, with accuracy rates exceeding 99% when properly implemented. The framework also addresses fundamental challenges such as dataset quality and diversity, feature extraction and selection methodologies, data preprocessing techniques, and performance evaluation metrics tailored specifically to cybersecurity applications. The findings indicate that ensemble learning methods outperform individual classifiers, with Random Forest algorithms being particularly effective at handling high-dimensional feature spaces while maintaining interpretability for security analysts. The study also identifies significant limitations in current research, including an overreliance on static datasets that do not capture evolving threat landscapes, inadequate representation of modern attack vectors, and a limited ability to generalize across different operational environments.
Future directions for this research include explainable AI integration for transparent decision-making, adaptive real-time detection systems, and federated learning approaches for collaborative threat intelligence sharing that preserve organizational privacy. The framework provides standardized methodologies for data curation, feature engineering, model development, and performance benchmarking, enabling fair comparisons between different AI approaches and facilitating reproducible research. This work offers essential guidance for cybersecurity practitioners, policymakers, and researchers developing robust, adaptive, and interpretable ransomware detection systems capable of defending against increasingly sophisticated cyber threats while addressing ethical concerns and regulatory compliance requirements in modern digital ecosystems.