A Lightweight Detection of Sequential Patterns in File System Events During Ransomware Attacks

Arash Mahboubi, Hang Thanh Bui, Hamed Aboutorab, Khanh Luong, Seyit Camtepe, Keyvan Ansari

Research output: Book chapter/Published conference paper, Conference paper, peer-review

Abstract

Ransomware poses a major threat by encrypting files and demanding ransom for decryption. This paper introduces a lightweight hybrid model for detecting ransomware by analyzing file system events. By combining XGBoost and Long Short-Term Memory (LSTM) networks, the approach identifies and predicts malicious behaviors with high accuracy and low computational cost. A File System Monitor Watchdog was developed to track file activities, collecting a dataset from 20 ransomware families. XGBoost is used for initial pattern detection, and LSTM networks for sequential analysis. The model achieved 97.12% detection accuracy, outperforming traditional methods in accuracy and efficiency, while reducing computational costs.

Original language: English
Title of host publication: Web Information Systems Engineering – WISE 2024 - 25th International Conference, Proceedings
Editors: Mahmoud Barhamgi, Hua Wang, Xin Wang
Publisher: Springer
Pages: 204-215
Number of pages: 12
ISBN (Print): 9789819605750
Publication status: Published - 2025
Event: 25th International Conference on Web Information Systems Engineering, WISE 2024 - Doha, Qatar
Duration: 02 Dec 2024 to 05 Dec 2024

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 15440 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 25th International Conference on Web Information Systems Engineering, WISE 2024
Country/Territory: Qatar
City: Doha
Period: 02/12/24 to 05/12/24
