Machine learning and deep learning for ransomware detection via feature decontamination

Sriyanto Sriyanto, Chairani Fauzi, Mohd Faizal Abdollah, Zuriati Zuriati

Abstract


The continuous escalation of ransomware attacks poses a severe risk to network infrastructure and data integrity, highlighting the urgent requirement for dependable detection systems. This paper presents a comparative analysis of deep learning (DL) and machine learning (ML) techniques for identifying ransomware traffic using the UNSW-NB15 dataset. A significant obstacle in many intrusion detection investigations is feature contamination, where specific attributes inadvertently leak label data or reflect post-incident statistics, resulting in inflated and overly optimistic performance evaluations. To mitigate this concern, a feature decontamination protocol is implemented to isolate 29 reliable attributes, followed by the application of the synthetic minority over-sampling technique (SMOTE) to address the issue of class imbalance. Empirical results demonstrate that the random forest (RF) model achieves superior performance, reaching an accuracy of 0.9027 and a recall of 0.9507. Among the DL candidates, the multi-layer perceptron (MLP) delivers the most competitive outcomes with an accuracy of 0.8859 and an F1-score of 0.8996. These results suggest that ensemble-based ML frameworks offer more effective and computationally efficient ransomware detection when applied to decontaminated tabular datasets.
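One way to screen for the feature contamination the abstract describes, as an added example that is not the authors' decontamination protocol: score each column by how well it separates the label on its own and flag near-perfect separators for manual review. The column names, the 0.98 threshold and the flow records are constructed assumptions, not UNSW-NB15 data.

```python
# Added example: single-feature leakage screen on constructed flow records.
import random

def auc(scores, labels):
    """Rank-based AUC (Mann-Whitney U), using average ranks for ties."""
    order = sorted(range(len(scores)), key=lambda i: scores[i])
    ranks = [0.0] * len(scores)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and scores[order[j + 1]] == scores[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1  # 1-based average rank of the tie group
        i = j + 1
    pos = [r for r, y in zip(ranks, labels) if y == 1]
    n_pos, n_neg = len(pos), len(labels) - len(pos)
    return (sum(pos) - n_pos * (n_pos + 1) / 2) / (n_pos * n_neg)

def screen_features(rows, labels, threshold=0.98):
    """Return (kept, flagged): flagged columns separate the label almost alone."""
    kept, flagged = [], []
    for name in rows[0]:
        a = auc([r[name] for r in rows], labels)
        strength = max(a, 1 - a)  # direction-agnostic separability
        (flagged if strength >= threshold else kept).append(name)
    return kept, flagged

def make_constructed_flows(n=400, seed=7):
    """Constructed sample with hypothetical column names (assumption)."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n):
        y = 1 if rng.random() < 0.2 else 0  # minority attack class
        rows.append({
            "duration": rng.gauss(1.0 + 0.5 * y, 1.0),   # weak, legitimate signal
            "bytes_out": rng.gauss(500 + 150 * y, 300),  # weak, legitimate signal
            "attack_category_id": 3 * y,                 # label encoded as a feature
            "alerts_after_flow": y * rng.randint(1, 5),  # post-incident statistic
        })
        labels.append(y)
    return rows, labels

if __name__ == "__main__":
    rows, labels = make_constructed_flows()
    kept, flagged = screen_features(rows, labels)
    print("kept:", kept)
    print("flagged for review:", flagged)
```

A flagged column is a candidate for removal, not proof of leakage; a genuinely strong predictor needs the same review of when and how its value is produced.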

Keywords


cybersecurity; feature decontamination; intrusion detection; network traffic analysis; ransomware; synthetic minority over-sampling technique


DOI: http://doi.org/10.12928/telkomnika.v24i3.27833


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

TELKOMNIKA Telecommunication, Computing, Electronics and Control
ISSN: 1693-6930, e-ISSN: 2302-9293
Universitas Ahmad Dahlan, 4th Campus
Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191