Deep Learning-based Ransomware Detection Model with Hybrid Analysis

Abstract

Ransomware continues to advance as a major cybersecurity threat integrating obfuscation techniques to evade detection systems. Existing machine learning approaches often struggle to identify novel ransomware variants due to their limited ability to capture temporal and behavioral patterns. To address this gap, this study proposes a hybrid ransomware detection framework that integrates both static and behavioral analysis using Long Short-Term Memory (LSTM) network architectures. The models investigated include Vanilla LSTM, Bidirectional LSTM, Stacked LSTM, and Convolutional LSTM (ConvLSTM). Datasets containing labeled Windows-based ransomware and benign samples were collected from open-source repositories and pre-processed into structured feature vectors suitable for time-series modeling. The proposed hybrid framework was evaluated using accuracy, precision, recall, and F1-score metrics to determine which LSTM performed the best. Among the tested models, ConvLSTM achieved the highest accuracy of 97.36%, with a precision of 97.2%, recall of 97.39%, and F1-score of 97.3%, outperforming other LSTM architectures. These results demonstrate that combining static and behavioral features with deep learning significantly improves ransomware detection performance, suggesting the approach’s strong potential for real-world cybersecurity applications.