Jisuanji kexue (Mar 2023)

Ransomware Early Detection Method Based on Deep Learning

  • LIU Wenjing, GUO Chun, SHEN Guowei, XIE Bo, LYU Xiaodan

DOI
https://doi.org/10.11896/jsjkx.220200182
Journal volume & issue
Vol. 50, no. 3
pp. 391 – 398

Abstract

In recent years, ransomware has become increasingly prevalent, causing serious economic losses. Because files encrypted by ransomware are difficult to recover, detecting ransomware promptly and accurately has become an active research topic. To improve the timeliness and accuracy of ransomware detection, this paper analyzes the behavior of ransomware families and benign software in the early stage of execution and proposes a ransomware early detection method based on deep learning (REDMDL). REDMDL takes as input an application programming interface (API) sequence of a certain length, collected during the initial stage of a program's execution, vectorizes the collected API sequence by combining word vectors and position vectors, and then constructs a convolutional neural network-long short-term memory (CNN-LSTM) model for early detection of ransomware. Experimental results show that REDMDL can accurately determine whether a piece of software is ransomware or benign within seconds after it starts to run.

Keywords