Cybersecurity faces challenges in identifying and mitigating ransomware, a task that is important for protecting critical infrastructures. An obstacle to proactive detection and prevention is the absence of comprehensive datasets for contrasting normal and abnormal network behaviour; a dataset enabling such contrasts would significantly expedite the mitigation of threat anomalies. In this study, we introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic. It is derived from the UGRansome data using an intuitionistic feature engineering approach that retains only the patterns relevant to network behaviour analysis. The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm. Through encoding and feature relevance determination, the Random Forest achieved a classification accuracy of 96% and effectively identified unusual ransomware transactions. Findings indicate that certain ransomware variants, such as those utilising Encrypt Decrypt Algorithms (EDA) and Globe ransomware, have the highest financial impact. These insights have significant implications for real-world cybersecurity practice, highlighting the importance of machine learning in ransomware detection and mitigation. Further research is recommended to expand datasets, explore alternative detection methods, and address limitations in current approaches.
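The abstract describes a three-step pipeline: categorical encoding of flow attributes, feature relevance determination, and Random Forest classification. The following is an added illustration of that pipeline and is not the authors' code, nor does it use the UGRansome2024 data: it runs a dependency-free, pure-Python version of each step (label encoding, information-gain ranking, bootstrap-aggregated ID3 trees with per-split feature subsampling) over a small constructed set of flow records whose feature names, values and labels are invented for the demonstration.

```python
import math
import random
from collections import Counter

# Constructed flow records: (protocol, TCP flag, payload-entropy band,
# destination-port class, label). Values are invented for this demo; label 1
# marks a ransomware-like flow, 0 a benign one. Not drawn from UGRansome2024.
FEATURES = ["protocol", "flag", "entropy_band", "port_class"]
RECORDS = [
    ("TCP", "A",  "high", "ephemeral", 1), ("TCP", "PA", "high", "ephemeral", 1),
    ("UDP", "A",  "high", "ephemeral", 1), ("TCP", "A",  "high", "wellknown", 1),
    ("TCP", "AF", "high", "ephemeral", 1), ("UDP", "PA", "high", "ephemeral", 1),
    ("TCP", "A",  "low",  "wellknown", 0), ("UDP", "AF", "low",  "wellknown", 0),
    ("TCP", "PA", "low",  "ephemeral", 0), ("TCP", "A",  "mid",  "wellknown", 0),
    ("UDP", "A",  "low",  "wellknown", 0), ("TCP", "AF", "mid",  "wellknown", 0),
]


def encode_categorical(rows):
    """Label-encode each column: sorted distinct strings -> 0..k-1.
    Returns (encoded rows, per-column mapping) so the same mapping can be
    reused on new traffic and audited later."""
    columns = list(zip(*rows))
    maps = [{v: i for i, v in enumerate(sorted(set(col)))} for col in columns]
    encoded = [tuple(maps[j][v] for j, v in enumerate(row)) for row in rows]
    return encoded, maps


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(X, y, j):
    """Entropy reduction obtained by splitting on column j."""
    groups = {}
    for row, lab in zip(X, y):
        groups.setdefault(row[j], []).append(lab)
    remainder = sum(len(g) / len(y) * entropy(g) for g in groups.values())
    return entropy(y) - remainder


def rank_features(X, y, names):
    """Feature relevance: columns ordered by information gain, best first."""
    gains = [(names[j], information_gain(X, y, j)) for j in range(len(names))]
    return sorted(gains, key=lambda t: t[1], reverse=True)


def build_tree(X, y, candidates, max_depth, rng, max_features):
    """ID3-style tree over integer-coded categorical features. Each node
    considers a random subset of `max_features` columns (the random-forest
    ingredient); a plain tree passes max_features = number of columns."""
    majority = Counter(y).most_common(1)[0][0]
    if max_depth == 0 or len(set(y)) == 1 or not candidates:
        return {"leaf": majority}
    subset = rng.sample(candidates, min(max_features, len(candidates)))
    best = max(subset, key=lambda j: information_gain(X, y, j))
    if information_gain(X, y, best) <= 0:
        return {"leaf": majority}
    node = {"feature": best, "majority": majority, "children": {}}
    remaining = [j for j in candidates if j != best]
    for value in set(row[best] for row in X):
        idx = [i for i, row in enumerate(X) if row[best] == value]
        node["children"][value] = build_tree(
            [X[i] for i in idx], [y[i] for i in idx], remaining,
            max_depth - 1, rng, max_features)
    return node


def predict_tree(node, row):
    while "leaf" not in node:
        child = node["children"].get(row[node["feature"]])
        if child is None:          # value never seen at this node in training
            return node["majority"]
        node = child
    return node["leaf"]


def train_tree(X, y, max_depth=3):
    """Single plain decision tree: every column is a split candidate."""
    n = len(X[0])
    return build_tree(X, y, list(range(n)), max_depth, random.Random(0), n)


def train_forest(X, y, n_trees=25, max_depth=3, seed=7):
    """Bootstrap-aggregated trees, each split drawing sqrt(#features) columns."""
    rng = random.Random(seed)
    k = max(1, math.ceil(math.sqrt(len(X[0]))))
    forest = []
    for _ in range(n_trees):
        idx = [rng.randrange(len(X)) for _ in range(len(X))]   # bootstrap sample
        forest.append(build_tree([X[i] for i in idx], [y[i] for i in idx],
                                 list(range(len(X[0]))), max_depth, rng, k))
    return forest


def predict_forest(forest, row):
    """Majority vote across the trees."""
    return Counter(predict_tree(t, row) for t in forest).most_common(1)[0][0]


def accuracy(predict, X, y):
    return sum(predict(r) == lab for r, lab in zip(X, y)) / len(y)


if __name__ == "__main__":
    X_raw = [r[:-1] for r in RECORDS]
    y = [r[-1] for r in RECORDS]
    X, maps = encode_categorical(X_raw)
    for name, gain in rank_features(X, y, FEATURES):
        print(f"{name:13s} information gain = {gain:.3f}")
    forest = train_forest(X, y)
    print("forest training accuracy:",
          accuracy(lambda r: predict_forest(forest, r), X, y))
```

On the constructed records the payload-entropy band carries all of the label information (gain 1.0) while the protocol carries none, which is the kind of ranking the feature relevance step is meant to surface before training; in practice the same ranking should be computed on a held-out split, and the encoding maps kept with the model so that new traffic is coded identically.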