JUCS - Journal of Universal Computer Science 30(2): 262-286, doi: 10.3897/jucs.104901
Visualizing Portable Executable Headers for Ransomware Detection: A Deep Learning-Based Approach
Tien Quang Dam, Nghia Thinh Nguyen, Trung Viet Le, Tran Duc Le§, Sylvestre Uwizeyemungu§, Thang Le-Dinh§
‡ The University of Danang – University of Science and Technology, Danang, Vietnam
§ Université du Québec à Trois-Rivières, Trois-Rivières, Canada
Open Access
Abstract
In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving a high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.
Keywords
Ransomware; Deep Learning; Machine Learning; Ensemble Model; Image-based diagnose; PE Header