Numeric Feature Analysis in Deep Learning-based Ransomware Detection with Convolution Neural Network Models

Lukman Ogundele
Julius Adepoju
Femi Emmanuel AYO
Idayat Abike Akano
Oluyemisi Adenike Oyedemi

Abstract

The research introduces ResMalNet, a convolutional neural network architecture designed for malware detection. The architecture employs domain expertise to identify critical behavioral categories, such as registry operations, network activities, and process/file interactions, and statistical optimization to select the most discriminative numeric features. ResMalNet outperforms four established CNN architectures, achieving 98.91% accuracy and 98.92% precision while maintaining balanced recall and F1-scores of 98.91%. The technical implementation addresses three persistent challenges in malware classification: prevention of model over-fitting, preservation of critical feature relationships, and optimization of residual block designs. Experimental results show that architectural specialization through residual connections improves accuracy by 1.82% over conventional CNN designs, that domain-informed feature selection reduces false positive rates by 42%, and that the model achieves exceptional detection rates for previously unseen malware variants during validation testing. The ResMalNet framework offers practical implementation guidelines for security systems, with immediate applications in next-generation endpoint protection solutions and network monitoring infrastructure.

Article Details

How to Cite
Ogundele, L., Adepoju, J., AYO, F. E., Akano, I. A., & Oyedemi, O. A. (2025). Numeric Feature Analysis in Deep Learning-based Ransomware Detection with Convolution Neural Network Models. INFOCOMP Journal of Computer Science, 24(1). Retrieved from http://177.105.60.18/index.php/infocomp/article/view/5100
Section
Machine Learning and Computational Intelligence
