
Early Ransomware Detection with Deep Learning Models

Authors
  • Matan Davidian

    (Department of Software Engineering, Shamoon College of Engineering, Beer Sheva 84100, Israel
    These authors contributed equally to this work.)

  • Michael Kiperberg

    (Department of Software Engineering, Shamoon College of Engineering, Beer Sheva 84100, Israel
    These authors contributed equally to this work.)

  • Natalia Vanetik

    (Department of Software Engineering, Shamoon College of Engineering, Beer Sheva 84100, Israel)

Abstract

Ransomware is an increasingly popular type of malware that restricts access to the victim’s system or data until a ransom is paid. Traditional detection methods rely on analyzing the malware’s content, but these methods are ineffective against unknown or zero-day malware. Therefore, zero-day malware detection typically involves observing the malware’s behavior, specifically the sequence of application programming interface (API) calls it makes, such as reading and writing files or enumerating directories. While previous studies have used machine learning (ML) techniques to classify API call sequences, they have only considered the API call name. This paper systematically compares various subsets of API call features, different ML techniques, and context-window sizes to identify the optimal ransomware classifier. Our findings indicate that a context-window size of 7 is ideal, and the most effective ML techniques are CNN and LSTM. Additionally, augmenting the API call name with the operation result significantly enhances the classifier’s precision. Performance analysis suggests that this classifier can be effectively applied in real-time scenarios.

Suggested Citation

  • Matan Davidian & Michael Kiperberg & Natalia Vanetik, 2024. "Early Ransomware Detection with Deep Learning Models," Future Internet, MDPI, vol. 16(8), pages 1-37, August.
  • Handle: RePEc:gam:jftint:v:16:y:2024:i:8:p:291-:d:1454141

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/8/291/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/16/8/291/
    Download Restriction: no