
A Deep Learning Framework for Enhanced Detection of Polymorphic Ransomware

Authors
  • Mazen Gazzan

    (Department of Information Systems, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia)

  • Bader Alobaywi

    (Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA
    College of Computer Science and Engineering, University of Hafr Al Batin, Hafar Al Batin 39923, Saudi Arabia)

  • Mohammed Almutairi

    (Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA
    College of Computer Science and Engineering, University of Hafr Al Batin, Hafar Al Batin 39923, Saudi Arabia)

  • Frederick T. Sheldon

    (Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA)

Abstract

Ransomware, a significant cybersecurity threat, encrypts files and causes substantial damage, making early detection crucial yet challenging. This paper introduces a novel multi-phase framework for early ransomware detection, designed to enhance accuracy and minimize false positives. The framework addresses the limitations of existing methods by integrating operational data with situational and threat intelligence, enabling it to dynamically adapt to the evolving ransomware landscape. Key innovations include (1) data augmentation using a Bi-Gradual Minimax Generative Adversarial Network (BGM-GAN) to generate synthetic ransomware attack patterns, addressing data insufficiency; (2) Incremental Mutual Information Selection (IMIS) for dynamically selecting relevant features, adapting to evolving ransomware behaviors and reducing computational overhead; and (3) a Deep Belief Network (DBN) detection architecture, trained on the augmented data and optimized with Uncertainty-Aware Dynamic Early Stopping (UA-DES) to prevent overfitting. The model demonstrates a 4% improvement in detection accuracy (from 90% to 94%) through synthetic data generation and reduces false positives from 15.4% to 14%. The IMIS technique further increases accuracy to 96% while reducing false positives. The UA-DES optimization boosts accuracy to 98.6% and lowers false positives to 10%. Overall, this framework effectively addresses the challenges posed by evolving ransomware, significantly enhancing detection accuracy and reliability.

Suggested Citation

  • Mazen Gazzan & Bader Alobaywi & Mohammed Almutairi & Frederick T. Sheldon, 2025. "A Deep Learning Framework for Enhanced Detection of Polymorphic Ransomware," Future Internet, MDPI, vol. 17(7), pages 1-55, July.
  • Handle: RePEc:gam:jftint:v:17:y:2025:i:7:p:311-:d:1704225

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/7/311/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/17/7/311/
    Download Restriction: no


    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Asad Hussain & Sunila Fatima Ahmad & Mishal Tanveer & Ansa Sameen Iqbal, 2022. "Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR)," International Journal of Innovations in Science & Technology, 50sea, vol. 4(3), pages 899-918, August.
    2. Aaron Zimba & Katongo Phiri & Chimanga Kashale & Mwiza Phiri, 2025. "Unveiling deception: a socio-economic analysis of smishing attacks on mobile money transaction users," Humanities and Social Sciences Communications, Palgrave Macmillan, vol. 12(1), pages 1-14, December.
    3. Mazen Gazzan & Frederick T. Sheldon, 2023. "An Enhanced Minimax Loss Function Technique in Generative Adversarial Network for Ransomware Behavior Prediction," Future Internet, MDPI, vol. 15(10), pages 1-18, September.
    4. Stroukal, Dominik & Peterka, Pavel, 2025. "Tokenization as a pathway to anonymity in central bank digital currencies," Research in International Business and Finance, Elsevier, vol. 75(C).
    5. Ben Krishna & Satish Krishnan & M. P. Sebastian, 2023. "Examining the Relationship between National Cybersecurity Commitment, Culture, and Digital Payment Usage: An Institutional Trust Theory Perspective," Information Systems Frontiers, Springer, vol. 25(5), pages 1713-1741, October.
    6. Vitaliy Shpachuk & Olena Markova & Bogdan Adamyk, 2026. "AI-driven financial fraud: key risks and legal protections for financial institutions," Journal of Banking Regulation, Palgrave Macmillan, vol. 27(1), pages 1-19, March.
    7. Umara Urooj & Bander Ali Saleh Al-rimy & Mazen Gazzan & Anazida Zainal & Eslam Amer & Mohammed Almutairi & Stavros Shiaeles & Frederick Sheldon, 2025. "A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks," Mathematics, MDPI, vol. 13(7), pages 1-27, March.
    8. Kavitha, M.S. & Sumathy, G. & Sarala, B. & Hephzipah, J. Jasmine & Dhanalakshmi, R. & Subha, T.D., 2024. "SIRT: A distinctive and smart invasion recognition tool (SIRT) for defending IoT integrated ICS from cyber-attacks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 47(C).
    9. T. V. Tulupieva, 2022. "Psychological Aspects of the Organization’s Information Security in the Context of Socio-engineering Attacks," Administrative Consulting, Russian Presidential Academy of National Economy and Public Administration. North-West Institute of Management., issue 2.
    10. Pramukh Nanjundaswamy Vasist & Debashis Chatterjee, 2025. "Combating Fake News and Digital Deception at the Workplace: An Integrative Review and Open Systems Theory-led Framework for Future Research," IIM Kozhikode Society & Management Review, , vol. 14(1), pages 88-104, January.
    11. Ahu Ergen & Ahmet Naci Ünal & Mehmet Sıtkı Saygili, 2021. "Is It Possible to Change the Cyber Security Behaviours of Employees? Barriers and Promoters," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 10, July.
    12. Zhengyang Fan & Wanru Li & Kathryn Blackmond Laskey & Kuo-Chu Chang, 2024. "Investigation of Phishing Susceptibility with Explainable Artificial Intelligence," Future Internet, MDPI, vol. 16(1), pages 1-18, January.
    13. Nkiru Ali Suleiman, 2025. "Deepfake-as-a-Service: The Next Challenge for Enterprise Cybersecurity," Journal of Technology and Systems, CARI Journals Limited, vol. 7(3), pages 47-59.
    14. Nillasithanukroh, Songkhun & Park, Chul Hyun & Baek, Jaejong & Ahn, Gail-Joon & Richards, Robert, 2025. "Mapping the landscape of cybersecurity preparedness: A systematic review of non-technological determinants and consequences," Technology in Society, Elsevier, vol. 83(C).
