Improving Cyber Defense Against Ransomware: A Generative Adversarial Networks-Based Adversarial Training Approach for Long Short-Term Memory Network Classifier

The rapid proliferation of ransomware variants necessitates more effective detection mechanisms, as traditional signature-based methods are increasingly inadequate. These conventional methods rely on manual feature extraction and matching, which are time-consuming and limited to known threats. This study addresses the escalating challenge of ransomware threats in cybersecurity by proposing a novel deep learning model, LSTM-EDadver, which leverages Generative Adversarial Networks (GANs) and Carlini and Wagner (CW) attacks to enhance malware detection capabilities. LSTM-EDadver innovatively generates adversarial examples (AEs) using sequential features derived from ransomware behaviors, thus training deep learning models to improve their robustness and accuracy. The methodology combines Cuckoo sandbox analysis with conceptual lattice ontology to capture a wide range of ransomware families and their variants. This approach not only addresses the shortcomings of existing models but also simulates real-world adversarial conditions during the validation phase by subjecting the models to CW attacks. The experimental results demonstrate that LSTM-EDadver achieves a classification accuracy of 96.59%. This performance was achieved using a dataset of 1328 ransomware samples (across 32 ransomware families) and 519 normal instances, outperforming traditional RNN, LSTM, and GCU models, which recorded accuracies of 90.01%, 93.95%, and 94.53%, respectively. The proposed model also shows significant improvements in F1-score, ranging from 2.49% to 6.64% compared to existing models without adversarial training. This advancement underscores the effectiveness of integrating GAN-generated attack command sequences into model training.