Bitcoin Ransomware Detection Employing Rule-Based Algorithms

Abstract


 Cryptocurrencies have completely altered the digital transaction process all over the globe. Almost a decade after Satoshi Nakamoto generated the first Bitcoin block; many cryptocurrencies have been established. The Ransomware attack is a type of cybercrime and a class of malware that encrypts the files and prevents users from accessing their data or systems and demands payment for decrypting and retrieving access to their files. Ransomware data classification using present data mining and machine learning methods is difficult because predictions aren't always correct. We aim to build two models that effectively address these challenges and can diagnose and classify Ransomware attacks accurately, then compare the performance of the models. In this paper, we investigated the use of Rule-Based algorithms for mining Bitcoin Ransomware Data to classify Ransomware attacks in Bitcoin transactions. Employing Rule-Based techniques in detecting Bitcoin data is beneficial because the algorithms effectively classify non-linear datasets. The analysis was done on a Bitcoin dataset for 61,004 addresses selected from 29 Ransomware families and contained ten descriptive and decision attributes. Both Rule-Based algorithms were illustrated and compared on the dataset employing 10-fold cross-validation. Experimental results show that classification under partial decision tree (PART) algorithm performed better in different metrics than the Decision Table algorithm. It provides an accuracy of 96.01%, a recall of 96%, a precision of 95.9%, and an F-Measure of 95.6%. Experimental results propose that it is beneficial to further investigate the application of PART to predictive modelling tasks in Ransomware studies.