Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/183928
Field | Value |
---|---|
Title: | Detecting ransomware using deep learning and hardware performance counters |
Authors: | Hashil Jugjivan |
Keywords: | Computer and Information Science |
Issue Date: | 2025 |
Publisher: | Nanyang Technological University |
Source: | Hashil Jugjivan (2025). Detecting ransomware using deep learning and hardware performance counters. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/183928 |
Project: | CCDS24-0098 |
Abstract: | Ransomware has emerged as a significant cybersecurity threat, inflicting severe consequences including data loss, operational paralysis, reputational damage, and financial devastation. With global ransomware damages projected to reach $265 billion annually by 2031, organisations and individuals alike face increasingly sophisticated attacks that can cripple critical infrastructure and compromise sensitive information. Traditional detection approaches using static and dynamic analysis face limitations including ineffectiveness against zero-day attacks, high system overheads, and evasion techniques employed by modern ransomware. This project proposes an innovative approach for ransomware detection utilising Hardware Performance Counters (HPCs) and deep learning techniques. This project first analyses the limitations of existing ransomware detection methods to establish the case for hardware-based detection. Multiple deep learning architectures including Convolutional Neural Networks (CNN), hybrid CNN-RNN, Long Short-Term Memory (LSTM) networks, and Transformers are then developed and evaluated to process temporal and sequential HPC data. Furthermore, Neural Architecture Search (NAS) is applied to optimise these architectures, significantly enhancing detection accuracy while reducing model complexity. Extensive evaluations reveal that the NAS-optimised models achieve up to 99.14% accuracy, outperforming state-of-the-art frameworks including HiPeR (98.68%) and DeepWare (98.6%). The NAS-LSTM model emerges as the most efficient solution, achieving superior performance with only 16,769 parameters. This approach enables effective ransomware detection during the critical pre-encryption phase while maintaining minimal system overhead. The findings demonstrate that microarchitectural events captured by HPCs, when analysed through optimised deep learning models, provide an effective method for ransomware detection that overcomes many limitations of traditional approaches. |
URI: | https://hdl.handle.net/10356/183928 |
Schools: | College of Computing and Data Science |
Fulltext Permission: | restricted |
Fulltext Availability: | With Fulltext |
Appears in Collections: | CCDS Student Reports (FYP/IA/PA/PI) |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
Hashil Jugjivan FYP Report.pdf (Restricted Access) | FYP Report on Detecting Ransomware using Deep Learning and Hardware Performance Counters | 3.12 MB | Adobe PDF |
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.