Abstract
Ransomware has emerged as one of the most significant cyber threats, capable of causing irreversible damage to critical data and systems. Unlike traditional malware, ransomware employs encryption to lock files, making it difficult to detect and mitigate its effects. Early detection within the narrow pre-encryption window is crucial yet challenging due to the insufficiency of attack pattern data and the polymorphic nature of ransomware. This study addresses these challenges by developing a comprehensive ransomware detection framework that integrates data augmentation using Generative Adversarial Networks (GANs), adaptive feature selection techniques, and Deep Belief Networks (DBNs) for improved detection accuracy.The research aims to design and develop a data augmentation scheme using GANs to generate realistic attack patterns, addressing data insufficiency. Additionally, it implements an Incremental Mutual Information Selection (IMIS) technique for dynamic feature selection, adapting to the evolving nature of ransomware. The final objective is to design and train a DBN-based ransomware detection model, optimizing it for early detection within the pre-encryption window.
The methodology is structured into three main phases. First, data augmentation using GANs involves preprocessing the ransomware dataset through standardization and normalization, followed by the application of GANs to create artificial attack patterns that resemble real ransomware behavior. This phase enhances the training dataset, addressing data scarcity and improving the robustness of the detection model. Second, the IMIS technique processes data in manageable batches, dynamically updating feature relevance to accommodate the evolving characteristics of ransomware. This approach reduces computational load and enhances the model’s adaptability to new attack patterns, ensuring the selection of relevant and non-redundant features. Third, the DBN-based ransomware detection model is trained using the augmented dataset and selected features. The model's parameters, such as early stopping criteria, are optimized to prevent overfitting and improve detection accuracy.
Experimental results demonstrate the efficacy of the proposed approach. The GAN-based data augmentation significantly improves the training dataset, enabling the detection model to better generalize to new and unseen ransomware variants. The IMIS technique proves effective in selecting the most relevant features dynamically, ensuring the model remains adaptive to changes in ransomware behavior. The DBN-based detection model achieves high accuracy in early detection, outperforming traditional.