Visualizing portable executable headers for ransomware detection: A deep learning-based approach


Quang Dam, T., Thinh Nguyen, N., Viet Le, T., Duc Le, T., Uwizeyemungu, S. and Le-Dinh, T. (2024). Visualizing portable executable headers for ransomware detection: A deep learning-based approach. JUCS - Journal of Universal Computer Science, 30(2), pp. 262-286. ISSN 0948-695X, 0948-6968. DOI 10.3897/jucs.104901

PDF (LE_DINH_T_32_ED.pdf) available under a Creative Commons Attribution No Derivatives licence.


Abstract

In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, this study proposes a novel approach that leverages machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects the features with the highest impact on sample classification and encodes them as images according to predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results on self-collected datasets demonstrate the efficacy of this approach, achieving a high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.

Document type: Article
Keywords: Ransomware; Deep Learning; Machine Learning; Ensemble Model; Image-based diagnose; PE Header
Deposited on: 7 Apr 2025 13:18
Last modified: 7 Apr 2025 13:22
Deposited version: Publisher's official version
URI: https://depot-e.uqtr.ca/id/eprint/11841
