Unidirectional and Bidirectional Machine Learning Models for Ransomware Detection via Malicious Opcode Discovery


Abstract

Ransomware continues to pose a significant threat to both individuals and organisations due to its rapid evolution and increasing sophistication in evading traditional detection methods. A novel approach, leveraging both unidirectional and bidirectional machine learning models, was implemented to improve the detection of ransomware through static opcode analysis. While unidirectional models, such as Random Forest and Support Vector Machines, exhibited reasonable classification accuracy, they were ultimately limited in their capacity to capture the complex contextual relationships within opcode sequences that modern ransomware often exploits. The introduction of a bidirectional model, based on a Long Short-Term Memory (LSTM) architecture, allowed for a more complex analysis of opcode dependencies in both forward and backward directions. Experimental results showed a significant improvement in detection accuracy and recall, particularly when addressing sophisticated ransomware variants that employ opcode reordering or obfuscation techniques. The study demonstrates the critical importance of bidirectional architectures in enhancing the robustness of ransomware detection systems, offering a more comprehensive solution to identifying malicious opcode patterns that evade simpler detection approaches.
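The static opcode-analysis pipeline the abstract refers to, shown as an added worked example that is not code from the paper: disassembled opcode traces are turned into n-gram frequency features, a classifier is trained on labelled traces, and the n-grams that most separate the two classes are ranked (the "malicious opcode discovery" step). The classifier here is a small multinomial Naive Bayes over opcode n-grams, a stand-in chosen so the example runs without external libraries; the paper's Random Forest, SVM and bidirectional LSTM models are not reproduced. The opcode traces are constructed for illustration and do not come from any real binary or from the paper's dataset, and the class names `benign`/`suspect` are assumptions. The last two checks illustrate why ordering matters: a reordered trace leaves unigram (bag-of-opcodes) features untouched but changes bigram features, which is the weakness of order-blind features that the abstract attributes to opcode-reordering variants.

```python
import math
from collections import Counter, defaultdict

# Constructed opcode traces (hypothetical, not taken from any real binary or
# from the paper's dataset).  Tokens are x86 mnemonics in listing order.
BENIGN_TRACES = [
    "push mov sub call mov add pop ret".split(),
    "push mov call test jz mov pop ret".split(),
    "mov lea call cmp jne xor ret".split(),
]
SUSPECT_TRACES = [
    "mov xor loop call rol xor mov jmp".split(),
    "lea xor rol mov loop call cmp jne".split(),
    "xor rol xor mov call loop jmp".split(),
]


def ngrams(seq, n):
    """Sliding window of n consecutive opcodes; n=1 discards ordering entirely."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def features(seq, n):
    """Bag-of-n-grams frequency vector used as the static feature representation."""
    return Counter(ngrams(seq, n))


class OpcodeNaiveBayes:
    """Multinomial Naive Bayes over opcode n-grams with Laplace smoothing."""

    def __init__(self, n=2, alpha=1.0):
        self.n = n
        self.alpha = alpha
        self.counts = defaultdict(Counter)   # label -> Counter of n-grams
        self.totals = Counter()              # label -> total n-gram occurrences
        self.docs = Counter()                # label -> number of training traces
        self.vocab = set()

    def fit(self, labelled_traces):
        for seq, label in labelled_traces:
            f = features(seq, self.n)
            self.counts[label].update(f)
            self.totals[label] += sum(f.values())
            self.docs[label] += 1
            self.vocab.update(f)

    def _log_cond(self, gram, label):
        # Smoothed log P(gram | label); unseen n-grams get a small non-zero mass.
        num = self.counts[label][gram] + self.alpha
        den = self.totals[label] + self.alpha * len(self.vocab)
        return math.log(num / den)

    def log_posterior(self, seq, label):
        score = math.log(self.docs[label] / sum(self.docs.values()))
        for gram, k in features(seq, self.n).items():
            score += k * self._log_cond(gram, label)
        return score

    def predict(self, seq):
        return max(self.docs, key=lambda label: self.log_posterior(seq, label))

    def top_ngrams(self, label, other, k=5):
        """N-grams most indicative of `label` versus `other`: the discovery step."""
        scored = [(self._log_cond(g, label) - self._log_cond(g, other), g)
                  for g in self.vocab]
        scored.sort(key=lambda t: (-t[0], t[1]))  # deterministic tie-break
        return [g for _, g in scored[:k]]


def train_demo(n=2):
    """Train the bigram classifier on the constructed traces."""
    clf = OpcodeNaiveBayes(n=n)
    clf.fit([(s, "benign") for s in BENIGN_TRACES]
            + [(s, "suspect") for s in SUSPECT_TRACES])
    return clf


if __name__ == "__main__":
    clf = train_demo()
    for trace in ("push mov call pop ret".split(), "xor rol xor loop call".split()):
        print(" ".join(trace), "->", clf.predict(trace))
    print("suspect-indicative bigrams:", clf.top_ngrams("suspect", "benign", 4))
    seq = "mov xor call".split()
    print("unigram features unchanged by reordering:",
          features(seq, 1) == features(seq[::-1], 1))
    print("bigram features changed by reordering:",
          features(seq, 2) != features(seq[::-1], 2))
```

Increasing `n` recovers more local context, but the feature space grows exponentially and each n-gram becomes rarer, which is the practical ceiling of bag-of-n-grams features; a sequence model such as the bidirectional LSTM in the abstract learns long-range context in both directions from the raw opcode stream instead.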
