Ransomware detection with CNN and deep learning based on multiple features of portable executable files


Research field: Verification



Venue: The Journal of Supercomputing


Abstract

Due to the epidemic, many industries have become increasingly reliant on computers to perform essential tasks. However, ransomware attacks pose a significant threat, with potentially devastating consequences. To mitigate these risks, many researchers have proposed a large number of methods to distinguish between benign programs and ransomware, but ransomware continues to evolve, rendering these methods gradually ineffective and leaving the virus attacks unresolved. In this study, we collected 1200 samples of ransomware from 80 different families, including packed, encrypted, and variant forms, to enhance the models’ ability to detect ransomware variants. Using features such as DLLs, subsystem information, subsystem versions, and N-grams, we made three deep learning models capable of handling variable input sizes. After experiments, our best-performing model achieved an accuracy of 99.77%, a recall of 99.72%, and a precision of 99.81%. Additionally, we designed a program that integrates these trained models, allowing users to scan their computers and proactively protect themselves against ransomware threats.


Author Profile
Chia-Cheng Yang

Department of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei 10607, Taiwan

Andorra
Author Profile
Jia-Ming Hsu

Department of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei 10607, Taiwan

Andorra
Author Profile
Jenq-Shiou Leu

Department of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei 10607, Taiwan

Andorra

📄 Paper information

Publication year: 2025
Citations: 0
Country of publication: Andorra
Site: Springer
