Poster in Affinity Workshop: Black in AI
Deepware: Imaging performance counters with deep learning to detect ransomware
Gaddisa Olani Ganfure · Yuan-Hao Chang
Keywords: [ machine learning ] [ artificial intelligence ] [ Computer Vision ] [ Deep Learning ]
This paper presents “DeepWare,” a ransomware detection model inspired by deep learning and hardware performance counters (HPCs). By imaging the HPC values and restructuring the conventional CNN model, DeepWare can address the nondeterminism of HPCs by extracting event-specific and event-wise behavioral features, which allows it to distinguish ransomware activity from benign activity effectively. The experimental results across ransomware families show that the proposed DeepWare is effective at detecting different classes of ransomware, with a 98.6% recall score, which is an 84.41%, 60.93%, and 21% improvement over the RATAFIA, OC-SVM, and EGB models, respectively.