Enhanced ransomware detection and prevention using CNN-BiLSTM for deep behavioural analysis

Author: 
Rahul Jadon, Kannan Srinivasan, Guman Singh Chauhan, Rajababu Budda, Venkata Surya Teja Gollapalli and Prema, R.

Ransomware attacks have emerged as a major cybersecurity threat, inflicting massive financial and data losses across the globe. Traditional detection techniques, including signature-based and rule-based detection, cannot easily detect such attacks because they rely heavily on predefined characteristics and static rules. These conventional systems have therefore proved poorly adaptable, with high false-positive rates and insufficient detection of ever-evolving ransomware attacks. To overcome these limitations, we introduce in this study an improved framework for detecting and preventing ransomware through deep behavioural analysis using a Convolutional Neural Network combined with Bidirectional Long Short-Term Memory (CNN-BiLSTM). The CNN extracts spatial features from different system activity logs, whereas the BiLSTM captures sequential dependencies to improve the accuracy and robustness of detection. The proposed system identifies ransomware-related behaviour instantly and integrates this detection with prevention and response mechanisms to counteract threats before encryption occurs. The experimental results indicate that the method achieves a detection accuracy of 97.5%, which beats the traditional model. The proposed approach outperforms the traditional methods with an 18% improved detection rate and a 22% reduction in false positives, making ransomware defence much more reliable. This contribution to much-needed next-generation protection against ransomware is scalable, intelligent, and proactive, increasing cyberspace resilience against sophisticated ransomware threats in real-world applications.

Paper No: 
5747