Abstract

Ransomware is a significant security risk that encrypts customer information or locks users out of their systems, demanding payment to unlock. Companies that handle sensitive data such as personal data, financial data, or intellectual property are particularly at risk. Detecting ransomware remains challenging, and it requires advanced techniques to keep pace with evolving attack strategies. In this study, we propose hybrid models that combine feature extraction with deep learning and classification with machine learning techniques for improved detection of ransomware. The proposed hybrid approach combines a diverse set of machine learning algorithms, including Random Forest (RF), K-Nearest Neighbors (KNN), and Support Vector Machine (SVM), with deep learning models including Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN). The proposed models were evaluated on a large dataset consisting of over 226,548 grayscale images to test their performance. Experiment results demonstrate that hybrid models outperform traditional approaches, achieving higher accuracy. Among them, the CNN-RF hybrid model worked best with an accuracy rate of 97.39 % for binary and 94.32 % for multi-class classification. These findings highlight that hybrid models can be employed to enhance ransomware detection and strengthen cybersecurity practices.

Key words: Ransomware detection, Image processing, Machine learning, Deep learning, Hybrid model