Early-Stage Ransomware Detection Based on Pre-attack Internal API Calls

Ransomware attacks have become one of the main cyber threats to companies and individuals. In recent years, different approaches have been proposed to mitigate such attacks by analyzing ransomware behavior during the infection and post-infection phases. However, few works focused on early-stage ransomware detection. The analysis of recent ransomware has shown that they are designed to perform sensing activities to evade detection by known anti-viruses and anti-malware software. This paper proposes an early-stage ransomware detector based on a neural network model for multi-class classification. Our model achieves 80.00% accuracy on our dataset and 93.00% on another state-of-the-art dataset [10]. We show that our model performs better than the state-of-the-art approaches, especially on a challenging, large, and varied dataset we made publicly available.