Core Concepts
A federated learning-based convolutional neural network (CNN) model can effectively detect ransomware attacks with high accuracy while preserving data privacy.
Abstract
The paper presents a method for detecting ransomware attacks using a federated learning-based convolutional neural network (CNN) model. The key highlights are:
-
Data Preprocessing:
- The authors collected a dataset of around 30,000 PE ransomware binaries and 3,000 benign binaries.
- The binary data was transformed into image data to leverage the capabilities of CNN models.
-
CNN Model Architecture:
- The proposed CNN model consists of 3 hidden layers, including 1 convolutional layer, 1 dropout layer, and 2 fully connected layers.
- The model uses ReLU activation and a sigmoid activation function in the output layer for binary classification.
-
Federated Learning Approach:
- The authors implemented a federated learning approach to train the CNN model, where the model is trained on distributed data sources without sharing the raw data.
- This approach preserves data privacy and allows the model to be trained on data from multiple sources.
-
Experimental Results:
- The proposed federated learning-based CNN model achieved high accuracy, with a precision of 92% and recall of 100% for both normal and ransomware samples.
- The F1-score of the model was 96%, demonstrating its effectiveness in detecting ransomware attacks.
The authors discuss the limitations of the current experimental setup, such as the relatively small dataset size and the equal distribution of data among clients. They plan to address these limitations in future work.
Stats
The dataset consists of a total of 6,000 samples, with 3,000 normal (benign) samples and 3,000 ransomware samples.
Quotes
"The proposed CNN model using Federated learning achieved a precision of 92% and recall of 100% for both normal and ransomware samples, with an F1-score of 96%."