Poster in Affinity Workshop: Black in AI
Deepware: Imaging performance counters with deep learning to detect ransomware
Gaddisa Olani Ganfure · Yuan-Hao Chang
Keywords: [ Computer Vision ] [ machine learning ] [ artificial intelligence ] [ Deep Learning ]
This paper presents “DeepWare,” a ransomware detection model inspired by deep learning and hardware performance counters (HPC). By imaging the HPC values and restructuring the conventional CNN model, DeepWare can address HPC’s nondeterminism issue by extracting event-specific and event-wise behavioral features, which allows it to distinguish ransomware activity from benign activity effectively. The experimental results across ransomware families show that the proposed DeepWare is effective at detecting different classes of ransomware with a 98.6% recall score, which is an improvement of 84.41%, 60.93%, and 21% over the RATAFIA, OC-SVM, and EGB models, respectively.