Ransomware Detection Using Convolutional Neural Networks and Isolation Forests in Network Traffic Patterns
Listed in
This article is not in any list yet, why not save it to one of your lists.Abstract
Ransomware has rapidly become one of the most disruptive cyber threats, targeting critical infrastructures and sensitive data with sophisticated encryption techniques. The proposed approach introduces a novel combination of Convolutional Neural Networks (CNN) and Isolation Forest (iForest) for detecting ransomware in network traffic patterns, providing a significant alternative to traditional signature-based and heuristic methods. The CNN component effectively captures high-level spatial relationships between packet sequences, while iForest isolates anomalous traffic patterns associated with ransomware activity. The hybrid model demonstrates robust performance in distinguishing between benign and ransomware-infected traffic flows, achieving high accuracy and minimizing false positives. Extensive experiments on publicly available datasets highlight the model’s adaptability in detecting previously unseen ransomware variants, offering scalability and computational efficiency suitable for real-time network monitoring. The findings suggest that this approach has the potential to enhance cybersecurity defenses against evolving ransomware threats.