Contact Us
Journal Statistics & Approval Details
Recent Published Paper
Our Author's Feedback
 •  SJIF Impact Factor: 8.067       •  ISRA Impact Factor 7.894       •  Hard Copy of Certificates to All Authors       •  DOI by Crossref for all Published Papers       •  Soft Copy of Certificates- Within 04 Hours       •  Authors helpline No: +91-8813907089(Whatsapp)       •  No Publication Fee for Paper Submission       •  Hard Copy of Certificates to all Authors       •  UGC Approved Journal: IJRASET- Click here to Check       •  Conference on 18th and 19th Dec at Sridevi Womens Engineering College     
ISSN: 2321-9653
Estd : 2013

Ijraset Journal For Research in Applied Science and Engineering Technology

Ransomware Detection by Machine Learning

Authors: Khateeb Razak

DOI Link: https://doi.org/10.22214/ijraset.2025.73669

Certificate: View Certificate

Abstract

Ransomware detection remains a critical component of endpoint security across workstations, servers, cloud environments, and mobile devices. The escalating volume and sophistication of ransomware variants pose significant challenges to traditional signature-based and heuristic detection techniques. Recent ransomware employs advanced obfuscation, polymorphism, and zero-day exploits, which conventional defenses struggle to identify promptly. This research leverages hybrid machine learning models combining static and dynamic behavioral features to improve detection accuracy. Utilizing Deep Belief Networks (DBN) and Gated Recurrent Units (GRU), the proposed approach demonstrates enhanced predictive capability against obfuscated and novel ransomware strains. Experimental evaluations on benchmark datasets validate the model\'s superior accuracy (99.00%), precision, recall, and F1-score compared to traditional methods, highlighting its practical applicability for real-time cybersecurity systems.

Introduction

1. Background & Motivation

  • Ransomware is a growing global threat due to advanced encryption, obfuscation, and evasion techniques.

  • Android systems are particularly vulnerable due to their open-source nature.

  • Traditional detection methods (e.g., static code analysis, signature matching) are ineffective against:

    • Polymorphic and obfuscated malware

    • Zero-day attacks

  • Machine learning (ML) and deep learning (DL) provide more adaptive, accurate solutions using static and dynamic behavior analysis.

2. Proposed Solution

A hybrid deep learning model integrating:

  • Deep Belief Network (DBN) – for analyzing static features (e.g., API calls, permissions).

  • Gated Recurrent Unit (GRU) – for capturing dynamic behavioral patterns (e.g., system calls, runtime behavior).

  • Outputs from both models are fused in a dense layer for final binary classification (ransomware vs. benign).

3. Methodology

A. Dataset

  • Sources: CICAndMal2017 and other benchmarks.

  • Samples include both ransomware and benign apps.

  • Extracted:

    • Static features (permissions, opcode sequences)

    • Dynamic features (network traffic, system/API calls)

B. Feature Engineering

  • Features normalized and encoded.

  • Dimensionality reduction techniques applied for efficiency.

C. Model Architecture

  • DBN: Learns hierarchical patterns from static data.

  • GRU: Models time-based behavior sequences from dynamic data.

  • Combined in a dense layer for classification.

D. Training & Evaluation

  • Frameworks: TensorFlow/PyTorch with GPU acceleration.

  • Cross-validation used to avoid overfitting.

  • Metrics: Accuracy, Precision, Recall, F1-Score, ROC-AUC.

E. Performance

Metric Value (%)
Accuracy 99.00
Precision 99.05
Recall 98.95
F1-Score 99.00
ROC-AUC 0.995

  • Outperformed traditional models (Random Forest, SVM).

  • Proven robust against obfuscation and zero-day ransomware.

  • Achieved near real-time inference with acceptable overhead.

4. Related Work

  • Previous studies used CNNs, GRUs, or ML classifiers.

  • Most lacked full integration of static and dynamic analysis.

  • This work advances the field by combining temporal and structural features in a single hybrid framework.

Conclusion

This paper proposed a hybrid deep learning framework integrating DBN and GRU to effectively detect ransomware by leveraging both static and dynamic features. The approach successfully addresses challenges posed by obfuscation and zero-day ransomware, achieving high accuracy and reliability on benchmark datasets. Our model’s superior performance highlights its potential for real-world cybersecurity applications, particularly in endpoint protection across diverse computing platforms. Future research will focus on expanding dataset diversity, enhancing adversarial robustness, and incorporating explainable AI methods to increase trust and transparency in detection outcomes.

References

[1] A. Alazab, M. Abawajy, M. Alazab A Deep Learning-Based Approach for Detecting Ransomware in IoT IEEE Internet of Things Journal 2021 https://doi.org/10.1109/JIOT.2020.3019928 [2] S. Vinayakumar, K. Soman, P. Poornachandran Evaluating Machine Learning Classifiers for Android Malware Detection Journal of Ambient Intelligence and Humanized Computing 2019 https://doi.org/10.1007/s12652-018-1123-4 [3] M. Rafique, M. A. Shah, S. A. Khan Static and Dynamic Analysis of Malware: An Overview IEEE Access 2020 https://doi.org/10.1109/ACCESS.2020.3019762 [4] A. Kalash, B. Liu, M. Debbabi Malware Detection Using Convolutional Neural Networks IEEE ISI Conference Proceedings 2018 https://doi.org/10.1109/ISI.2018.8465211 [5] D. Anderson, T. Filar, K. McGrew Adversarial Machine Learning in Ransomware Detection: Challenges and Countermeasures ACM Computing Surveys 2022 https://doi.org/10.1145/3479578 [6] S. Shijo, A. Salim A Hybrid CNN-GRU Model for Advanced Malware Detection International Journal of Computer Applications 2020 https://doi.org/10.5120/ijca2020920171 [7] Y. Kim, M. Kim, S. Kim Ransomware Detection Using Deep Neural Networks Based on File Access Patterns IEEE Transactions on Information Forensics and Security 2021 https://doi.org/10.1109/TIFS.2021.3080096 [8] P. Garg, S. Soni A Survey on Machine Learning Techniques for Ransomware Detection Journal of Network and Computer Applications 2021 https://doi.org/10.1016/j.jnca.2020.102894 [9] A. Prakash, V. Bhatia Hybrid Machine Learning Models for Android Ransomware Detection IEEE Access 2021 https://doi.org/10.1109/ACCESS.2021.3095116 [10] H. Huang, X. Wang, Z. Tang Dynamic Behavior Analysis and Detection of Android Ransomware Using GRU Networks IEEE Access 2020 https://doi.org/10.1109/ACCESS.2020.3024590 [11] J. Lee, S. Kim Malware Detection Using Hybrid Feature Fusion and Deep Learning Computers & Security 2021 https://doi.org/10.1016/j.cose.2021.102225 [12] Z. Yang, L. Luo, H. Chen Enhancing Ransomware Detection Accuracy by Combining Static and Dynamic Analysis Security and Communication Networks 2021 https://doi.org/10.1155/2021/6687412 [13] M. A. Karim, M. T. Islam Deep Learning for Malware Detection Using Stacked Autoencoders Neural Computing and Applications 2021 https://doi.org/10.1007/s00521-020-05097-3 [14] Z. Ren, X. Qi, H. Chen Ransomware Detection Using Multi-Modal Features and Ensemble Learning Information Sciences 2021 https://doi.org/10.1016/j.ins.2021.06.048 [15] S. Sharma, A. Kumar Review of Machine Learning and Deep Learning Methods for Detecting Ransomware Journal of Ambient Intelligence and Humanized Computing 2024 https://doi.org/10.1007/s12652-023-04670-w

ijraset73669

Download Paper

Paper Id : IJRASET73669

Publish Date : 2025-08-14

ISSN : 2321-9653

Publisher Name : IJRASET

DOI Link : Click Here

Whatsapp Submit Paper Online