RS-FEDRAD: Robust and Scalable Federated Ransomware Detection Using TTP-Enhanced Dataset
Author : Chinonso
Abstract : Ransomware continues to pose a significant challenge to the cyberspace industry, with rising frequency and complexity threatening data integrity, availability, and confidentiality. Current detection methods often fail to effectively address modern ransomware due to inadequate feature sets and over-reliance on centralized architectures, posing privacy and scalability challenges. We present RS-FEDRAD, a robust and scalable federated learning (FL)-based ransomware detection system that combines FL with deep dynamic analysis, using a novel Tactics, Techniques, and Procedures (TTP)-enhanced dataset to overcome these limitations. This approach first captures critical ransomware behavioral attributes such as application programming interface (API) calls, dynamic link library (DLL) usage, and mutual exclusion (Mutex) operations, before mapping them to their corresponding ransomware-related TTPs using the MITRE ATT&CK framework. Extensive experimental evaluations highlight the effectiveness of the framework against unknown black-box and known white-box attacks, utilizing a hybrid convolutional neural network (CNN) and long short-term memory (LSTM) to achieve an impressive accuracy of 99.90% and an average federated accuracy of 99.50%. RS-FEDRAD offers a scalable, privacy-preserving solution that enhances ransomware detection and understanding of attacker strategies through its TTP-enhanced feature set, advancing ransomware mitigation with adaptive, decentralized, and robust security for today’s rapidly evolving threat landscape.
Keywords : Deep learning, Dynamic analysis, Federated learning, MITRE ATT&CK framework, Ransomware detection, TTP-enhanced dataset.
Conference Name : International Conference on Computer Science (ICOCS-25)
Conference Place : Wuhan, China
Conference Date : 12th Apr 2025