Call for Paper - Upcoming Issues

Intelligent Ransomware Detection Using Hybrid CNN-Bidirectional GRU with Optimized Training and Low Computational Overhead

International Journal of Electronics and Communication Engineering
© 2025 by SSRG - IJECE Journal
Volume 12 Issue 9
Year of Publication : 2025
Authors : M.S. Balamurugan, V. Rajendran, S. Suma Christal Mary
10.14445/23488549/IJECE-V12I9P118
pdf
How to Cite?

M.S. Balamurugan, V. Rajendran, S. Suma Christal Mary, "Intelligent Ransomware Detection Using Hybrid CNN-Bidirectional GRU with Optimized Training and Low Computational Overhead," SSRG International Journal of Electronics and Communication Engineering, vol. 12,  no. 9, pp. 203-215, 2025. Crossref, https://doi.org/10.14445/23488549/IJECE-V12I9P118

Abstract:

The significant increase in ransomware assaults, which peaked over the past decade till 2024, makes it extremely concerning for cyber experts to track early detection methods continuously. This ransomware virus remains one of the most significant threats governments and businesses must confront. Conventional signature-based anti-ransomware solutions and heuristic-based and rule-based methods often struggle to identify ransomware malware, which is ineffective at detecting known threats. Various researchers used machine learning techniques for ransomware detection, leading to a lack of reliability in real-world scenarios and higher computational time costs. To tackle the challenge of ransomware detection, this research work focuses on a deep learning-based hybrid model that combines CNN-LSTM, CNN-GRU, and CNN-Bidirectional GRU. Each layer effectively trains the parameters to detect malware. The CNN-Bidirectional GRU model achieved a maximum accuracy of 99.8% when using the Adam and RMSProp optimizers, with a computational cost of only 0.01 seconds. Using these optimizers, the proposed model reached a greater convergence rate, which protects the files against Ransomware. Additionally, comparisons were made between traditional machine learning and deep learning methods across various metrics, including training accuracy, validation accuracy, training losses and validation losses, to evaluate the overall performance of the proposed methods.

Keywords:

Bidirectional Gated Recurrent Unit (BID-GRU), Convolutional Neural Network (CNN), Cybersecurity, Gated Recurrent Unit (GRU), Ransomware malware.

References:

[1] J. De Groot, “A History of Ransomware Attack: The Biggest and Worst Ransomware Attack of All Time,” 2017 Internet Crime Report, Report, 2018.
[Google Scholar] [Publisher Link]
[2] Craig Beaman et al., “Ransomware: Recent Advances, Analysis, Challenges and Future Research Directions,” Computers & Security, vol. 111, pp. 1-22, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Umaru Adamu, and Irfan Awan, “Ransomware Prediction using Supervised Learning Algorithms,” 7th International Conference on Future Internet of Things and Cloud, Istanbul, Turkey, pp. 57-63, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Goteng Kuwunidi Job et al., “Impacts of Ransomware Attacks on Edge Computing Devices: Challenges and Research Opportunities,” International Journal of Engineering Research & Technology, vol. 10, no. 4, pp. 665-670, 2021.
[Google Scholar] [Publisher Link]
[5] Stephan Dreiseitl, and Lucila Ohno-Machado, “Logistic Regression and Artificial Neural Network Classification Models: A Methodology Review,” Journal of Biomedical Informatics, vol. 35, no. 5-6, pp. 352-359, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Cisco Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette. [Online]. Available: https://umbrella.cisco.com/info/cyber-threat-trends-report
[7] A.S.S.V. Lakshmi Pooja, and M. Sridhar, “Analysis of Phishing Website Detection Using CNN and Bidirectional LSTM,” 4th International Conference on Electronics, Communication and Aerospace Technology, pp. 1620-1629, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Amjad Alraizza, and Abdulmohsen Algarni, “Ransomware Detection using Machine Learning: A Survey,” Big Data and Cognitive Computing, vol. 7, no. 3, pp. 1-24, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Nisreen Alzahrani, and Daniyal Alghazzawi, “A Review on Android Ransomware Detection using Deep Learning Techniques,” Proceedings of the 11th International Conference on Management of Digital EcoSystems, pp. 330-335, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Bander Ali Saleh Al-rimy, Mohd Aizaini Maarof, and Syed Zainudeen Mohd Shaid, “Ransomware Threat Success Factors, Taxonomy, and Countermeasures: A Survey and Research Directions,” Computers & Security, vol. 74, pp. 144-166, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Jinal P. Tailor, and Ashish D. Patel, “A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage Control,” International Journal of Research and Scientific Innovation, vol. 4, no. 15, pp. 116-121, 2017.
[Google Scholar]
[12] Umara Urooj et al., “Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions,” Applied Sciences, vol. 12, no. 1, pp. 1-45, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Damien Warren Fernando, Nikos Komninos, and Thomas Chen, “A Study on the Evolution of Ransomware Detection using Machine Learning and Deep Learning Techniques,” IoT, vol. 1, no. 2, pp. 551-604, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Malak Aljabri et al., “Ransomware Detection Based on Machine Learning Using Memory Features,” Egyptian Informatics Journal, vol. 25, pp. 1-8, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Samah Alsoghyer, and Iman Almomani, “Ransomware Detection System for Android Applications,” Electronics, vol. 8, no. 8, pp. 1-36, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Hanqi Zhang et al., “Classification of Ransomware Families with Machine Learning Based OnN-Gram of Opcodes,” Future Generation Computer Systems, vol. 90, pp. 211-221, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[17] G. Kirubavathi, and W.R. Anne, “Behavioral Based Detection of Android Ransomware Using Machine Learning Techniques,” International Journal of System Assurance Engineering and Management, vol. 15, no. 9, pp. 4404-4425, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[18] Seong Il Bae, Gyu Bin Lee, and Eul Gyu Im, “Ransomware Detection using Machine Learning Algorithms,” Concurrency and Computation: Practice and Experience, vol. 32, no. 18, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[19] Fakhroddin Noorbehbahani, Farzaneh Rasouli, and Mohammad Saberi, “Analysis of Machine Learning Techniques for Ransomware Detection,” 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology, Mashhad, Iran, pp. 128-133, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Subash Poudyal, Kul Prasad Subedi, and Dipankar Dasgupta, “A Framework for Analyzing Ransomware using Machine Learning,” IEEE Symposium Series on Computational Intelligence, Bangalore, India, pp. 1692-1699, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[21] Fadare Oluwaseun Gbenga, Adetunmbi Adebayo Olusola, and Oyinloye Oghenerukevwe Elohor, “Towards Optimization of Malware Detection using Extra-Tree and Random Forest Feature Selections on Ensemble Classifiers,” The International Journal of Recent Technology and Engineering, vol. 9, no. 6, pp. 223-232, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[22] G. Revathy et al., “Smurf Attack Using Hybrid Machine Learning Technique,” AIP Conference Proceedings, vol. 2463, no. 1, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[23] Iram Bibi et al., “An Effective Android Ransomware Detection Through Multi-Factor Feature Filtration and Recurrent Neural Network,” 2019 UK/China Emerging Technologies, Glasgow, UK, pp. 1-4, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[24] Maher G.M. Abdolrasol et al., “Artificial Neural Networks Based Optimization Techniques: A Review,” Electronics, vol. 10, no. 21, pp. 1-43, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Shun Tobiyama et al., “Malware Detection with Deep Neural Network Using Process Behavior,” 2016 IEEE 40th Annual Computer Software and Applications Conference, Atlanta, GA, USA, pp. 577-582, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Dipendra Pant, and Rabindra Bista, “Image-Based Malware Classification using Deep Convolutional Neural Network and Transfer Learning,” Proceedings of the 3rd International Conference on Advanced Information Science and System, pp. 1-6, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[27] Umme Zahoora et al., “Ransomware Detection using Deep Learning Based Unsupervised Feature Extraction and a Cost Sensitive Pareto Ensemble Classifier,” Scientific Reports, vol. 12, no. 1, pp. 1-15, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[28] Ransomware Detection using Machine Learning. [Online]. Available: https://github.com/muditmathur2020/RansomwareDetection/tree/master
[29] Paula Branco, “Exploring the Impact of Resampling Methods for Malware Detection,” IEEE International Conference on Big Data, Atlanta, GA, USA, pp. 3961-3968, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[30] Iman Almomani et al., “Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data,” IEEE Access, vol. 9, pp. 57674-57691, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[31] Tohari Ahmad, and Mohammad Nasrul Aziz, “Data Preprocessing and Feature Selection for Machine Learning Intrusion Detection Systems,” ICIC Express Letters, vol. 13, no. 2, pp. 93-101, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[32] Sumith Maniath et al., “Deep Learning LSTM based Ransomware Detection,” 2017 Recent Developments in Control, Automation & Power Engineering, Noida, India, pp. 442-446, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[33] Amardeep Singh et al., “Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data,” Electronics, vol. 12, no. 18, pp. 1-31, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[34] Bin Zhang et al., “Ransomware Classification using Patch-Based CNN and Self-Attention Network on Embedded N-Grams of Opcodes,” Future Generation Computer Systems, vol. 110, pp. 708-720, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[35] Revathy Ganapathy et al., “CNN-LSTM: Development of Offline Signature Authentication,” International Conference on Emerging Research in Computational Science, Coimbatore, India, pp. 1-6, 2023.
[CrossRef] [Google Scholar] [Publisher Link]