Journal of Universal Computer Science (Feb 2024)

Visualizing Portable Executable Headers for Ransomware Detection: A Deep Learning-Based Approach

  • Tien Quang Dam,
  • Nghia Thinh Nguyen,
  • Trung Viet Le,
  • Tran Duc Le,
  • Sylvestre Uwizeyemungu,
  • Thang Le-Dinh

DOI
https://doi.org/10.3897/jucs.104901
Journal volume & issue
Vol. 30, no. 2
pp. 262 – 286

Abstract


In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving a high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.