JUCS - Journal of Universal Computer Science 30(2): 262-286, doi: 10.3897/jucs.104901
Visualizing Portable Executable Headers for Ransomware Detection: A Deep Learning-Based Approach
expand article infoTien Quang Dam, Nghia Thinh Nguyen, Trung Viet Le, Tran Duc Le§, Sylvestre Uwizeyemungu§, Thang Le-Dinh§
‡ The University of Danang – University of Science and Technology, Danang, Vietnam§ Université du Québec à Trois-Rivières, Trois-Rivières, Canada
Open Access
In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems. 
Ransomware; Deep Learning; Machine Learning; Ensemble Model; Image-based diagnose; PE Header