Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats
Hussain, Amjad and Saadia, Ayesha and Alhussein, Musaed and Gul, Ammara and Aurangzeb, Khursheed (2024) Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats. PeerJ Computer Science, 10. e2546. ISSN 2376-5992
peerj-cs-2546.pdf - Published Version. Available under License Creative Commons Attribution.
Abstract
Ransomware is a type of malware that locks access to or encrypts its victim’s files for a ransom to be paid to get back locked or encrypted data. With the invention of obfuscation techniques, it became difficult to detect its new variants. Identifying the exact malware category and family can help to prepare for possible attacks. Traditional machine learning-based approaches failed to detect and classify advanced obfuscated ransomware variants using existing pattern-matching and signature-based detection techniques. Deep learning-based approaches have proven helpful in both detection and classification by analyzing obfuscated ransomware deeply. Researchers have contributed mainly to detection and minimally to family attribution. This research aims to address all these multi-class classification problems by leveraging the power of deep learning. We have proposed a novel group normalization-based bidirectional long short-term memory (GN-BiLSTM) method to detect and classify ransomware variants with high accuracy. To validate the technique, five other deep learning models are also trained on CIC-MalMem-2022, an obfuscated malware dataset. The proposed approach outperformed them with an accuracy of 99.99% in detection, 85.48% in category-wise classification, and 74.65% in the identification of ransomware families. To verify its effectiveness, models are also trained on 10,876 self-collected latest samples of 26 malware families and the proposed model has achieved 99.20% accuracy in detecting malware, 97.44% in classifying its category, and 96.23% in identifying its family. Our proposed approach has proven the best for detecting new variants of ransomware with high accuracy and can be implemented in real-world applications of ransomware detection.
Item Type: | Article |
---|---|
Identification Number: | 10.7717/peerj-cs.2546 |
Dates: | 5 November 2024 (Accepted); 29 November 2024 (Published Online) |
Uncontrolled Keywords: | Ransomware detection, Ransomware classification, Ransomware family attribution, Artificial Intelligence, Deep learning, Machine learning |
Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science |
Divisions: | Architecture, Built Environment, Computing and Engineering > Computer Science |
Depositing User: | Gemma Tonks |
Date Deposited: | 21 Aug 2025 15:22 |
Last Modified: | 21 Aug 2025 15:22 |
URI: | https://www.open-access.bcu.ac.uk/id/eprint/16616 |