Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks

Urooj, Umara and Al-Rimy, Bander Ali Saleh and Zainal, Anazida Binti and Saeed, Faisal and Abdelmaboud, Abdelzahir and Nagmeldin, Wamda (2023) Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks. IEEE Access, 12. pp. 3910-3925. ISSN 2169-3536

Addressing_Behavioral_Drift_in_Ransomware_Early_Detection_Through_Weighted_Generative_Adversarial_Networks.pdf - Published Version
Available under License Creative Commons Attribution.

Download (2MB)


Crypto-ransomware attacks pose a significant cyber threat due to the irreversible effect of encryption employed to deny access to the data on the victim’s device. Existing state-of-the-art solutions are developed based on two assumptions: the availability of sufficient data to perform detection during the pre-encryption phase, and that ransomware behavior is static and does not change over time. However, such assumptions do not hold as data collected during the pre-encryption phase of the ransomware attack are limited and does not contain sufficient patterns needed to identify the attack. Additionally, the evasion techniques like polymorphism and metamorphism used by ransomware lead to behavioral drift that could defeat those solutions. Therefore, this paper addresses these two issues by proposing a weighted Generative Adversarial Networks (wGANs) technique. Firstly, the proposed wGAN was used to generate synthetic data that imitate the behavior of ransomware and simulate the evolution of the attacks. Then, the mutual information was used to estimate the significance of features for different timeframes, thereby helping the detection model to handle the behavioral drift in emerging ransomware variants. Experimental evaluation demonstrates that the proposed wGAN is more robust against behavioral drift compared to the state-of-the-art solutions. The wGAN achieved higher accuracy and lower false alarm rates of 97% and 0.0088 respectively.

Item Type: Article
Identification Number:
23 December 2023Accepted
29 December 2023Published Online
Uncontrolled Keywords: Ransomware, Feature extraction, Behavioral sciences, Encryption, Generative adversarial networks, Adaptation models, Adaptive systems
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Gemma Tonks
Date Deposited: 15 Feb 2024 15:07
Last Modified: 15 Feb 2024 15:07

Actions (login required)

View Item View Item


In this section...