A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks

Urooj, Umara; Al-rimy, Bander Ali Saleh; Gazzan, Mazen; Zainal, Anazida; Amer, Eslam; Almutairi, Mohammed; Shiaeles, Stavros; Sheldon, Frederick

A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks

Umara Urooj, Bander Ali Saleh Al-rimy (), Mazen Gazzan, Anazida Zainal, Eslam Amer, Mohammed Almutairi, Stavros Shiaeles and Frederick Sheldon ()
Additional contact information
Umara Urooj: Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru 81310, Malaysia
Bander Ali Saleh Al-rimy: PAIDS Research Center, School of Computing, University of Portsmouth, Buckingham Building, Lion Terrace, Portsmouth PO1 3HE, UK
Mazen Gazzan: College of Computer Science and Information Systems, Najran University, Najran 66462, Saudi Arabia
Anazida Zainal: Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru 81310, Malaysia
Eslam Amer: PAIDS Research Center, School of Computing, University of Portsmouth, Buckingham Building, Lion Terrace, Portsmouth PO1 3HE, UK
Mohammed Almutairi: Department of Computer Science, University of Idaho, Moscow, ID 83844, USA
Stavros Shiaeles: PAIDS Research Center, School of Computing, University of Portsmouth, Buckingham Building, Lion Terrace, Portsmouth PO1 3HE, UK
Frederick Sheldon: Department of Computer Science, University of Idaho, Moscow, ID 83844, USA

Mathematics, 2025, vol. 13, issue 7, 1-27

Abstract: Ransomware is a type of malware that leverages encryption to execute its attacks. Its continuous evolution underscores its dynamic and ever-changing nature. The evolving variants use varying timelines to launch attacks and associate them with varying attack patterns. Detecting early evolving variants also leads to incomplete attack patterns. To develop an early detection model for behavioral drifting ransomware attacks, a detection model should be able to detect evolving ransomware variants. To consider the behavioral drifting problem of ransomware attacks, a model should be able to generalize the behavior of significant features comprehensively. Existing solutions were developed by using either a whole attack pattern or a fraction of an attack pattern. Likewise, they were also designed using historical data, which can make these solutions outdated or suffer from low accuracy for behavioral drift ransomware attacks. The detection models created using a fraction of the pre-encryption data also can not generalize the attack behavior of evolving ransomware variants. There is a need to develop an early detection model that can detect evolving ransomware variants with varying pre-encryption phases. The proposed model can detect the evolving ransomware variants by comprehensively generalizing significant attack patterns.

Keywords: ransomware; early detection; malware analysis; deep learning (search for similar items in EconPapers)
JEL-codes: C (search for similar items in EconPapers)
Date: 2025
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/2227-7390/13/7/1037/pdf (application/pdf)
https://www.mdpi.com/2227-7390/13/7/1037/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:13:y:2025:i:7:p:1037-:d:1618401

Access Statistics for this article

Mathematics is currently edited by Ms. Emma He

More articles in Mathematics from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().