Ensemble Deep Learning Ransomware Detector
A Deep Learning ensemble that classifies Windows executable files as either benign, ransomware, or other malware. This program was developed as part of my dissertation for my BSc (Hons) Computer Science course at the University of Lincoln: 'Ransomware Detection Using Deep Learning Ensemble' in which it is demonstrated to achieve 96% accuracy in classifying a test set of 3000 '.exe' files not seen in the model's training.
This project uses Python 3. For the GUI detector program
ensemblePredict.py, the following python packages must be installed: tensorflow, keras, h5py, capstone, pefile, numpy, and scikit-learn. These can be installed via the terminal or command prompt command
pip install tensorflow keras h5py capstone pefile numpy scikit-learn. Then simply run the script with
python ensemblePredict.py. You should be greeted by a file selection dialog with which you can select one or more '.exe' files, then click 'Open' and the deep learning ensemble will predict if they are benign, ransomware, or other malware.
Source code for training and pre-processing for the ensemble's two models, in the folders
bin-utf8-vec, should run with the same pre-requisites, though
tensorflow-gpu is recommended to acheive reasonable training times. I am not licenced to distribute the benign samples used to train the models, but these can be downloaded by installing BeautifulSoup with
pip install beautifulsoup4 and running
python benignFreewareDownloader.py. Malware and ransomware samples were obtained from torrents available from VirusShare.com, after being vetted by the site's admin. Details about the particular torrents used, among other details of the model and its development can be found in this project's report.