Graph-contrast ransomware detection (GCRD) with advanced feature selection and deep learning
Suneeta Satpathy, Pratik Kumar Swain
Abstract
Ransomware attacks represent a more potent and upcoming cybersecurity threat and traditional detection strategies have been ineffective against new and polymorphic ransomware variants. To overcome the limitations of conventional detection strategies, this study proposes the Graph-Contrast Ransomware Detection (GCRD) model comprising Graph-Based Feature Selection (GFS), Contrastive Learning (CLR), and Transformer-Based Classification (FT-Transformer + MLP). The proposed model aims to improve early-stage ransomware detection by targeting the infection and escalation stages before file encryption. GFS utilizes graph neural networks (GNNs) to generate a feature graph, enabling efficient pruning of essential features from portable executable (PE) files. CLR enhances feature representation through self-supervised learning, improving generalizability to various ransomware families. The FT-Transformer module uses self-attention to recognize complex feature interdependencies, further improving classification accuracy. The model is tested on a heterogeneous ransomware dataset and the results confirm that GCRD achieves 99.1% accuracy with 1.5% false positive rate against state-of-the-art conventional machine learning and deep learning models. Moreover, GCRD model classifies each sample within 55 milliseconds, enabling real-time classification suitable for enterprise environments. The present study proposes an efficient and scalable early-stage ransomware detection solution with further potential for improvement through dynamic runtime behaviour analysis of future cyber threats.