A MODEL FOR DETECTING RANSOMWARE ATTACKS USING LSTM-DEEP AUTOENCODER NET-WORK

ABSTRACT

Ransomware is on the rising trend in a range of fields, including higher education, health care, business, and scientific research. These attacks are the result of various social engineering techniques used to entice or compel a user to click on a malicious link in an email or in other forms of electronic communication. Because of the attack's spread, igniting, and operational attributes, make is possible for it to happen.This paper presents a robust model for the detection of ransomware attacks. The system starts by acquiring a dataset that comprise of over 35,000 applications, their hash functions and their attributes. The dataset was pre-processed so as to remove null or empty values, and noise. This was done so as to have a better training performance. After pre-processing, a deep autoencoder network was applied to the dataset in selecting important features. This was done so as to reduce the dimension of the dataset. The reduced features was then used in building an LSTM model. The LSTM model consist of a total of network architecture. The first was used to accept input (being the reduced features), the second were used to pre-process and transform the inputs and the third was used in displaying the output (ransomware or normal). The LSTM model was built using a batch_size = 32, epoch =7, activation function = [softsign and linear]. The result of the LSTM model shows a training accuracy of about 99.99%, and a testing accuracy of 99.95%. LSTM model also shows true negative value to be 56.34%, true negative to be 43.66% and 0% for false positive and false negative. This shows that a high level of detection accuracy.

Index Terms — Ransomware, LSTM-Autoencoder Network, Malicious Activities, Cyber-Attacks