Behaviour-Aware Hybrid Deep Networks for Detecting Zero-Day and Ransomware Threats
Abstract
Purpose: The rapid escalation of ransomware and zero-day malware attacks poses a significant challenge to conventional signature-based detection systems, which cannot generalise to previously unseen threats. This study aims to develop a robust, scalable, and behaviour-aware malware-detection framework capable of accurately identifying ransomware and zero-day attacks across heterogeneous computing environments.

Design/methodology/approach: A novel multi-stage hybrid detection pipeline is proposed that integrates advanced feature selection, deep sequential learning, attention mechanisms, and ensemble classification. Initially, irrelevant and redundant features are eliminated using correlation thresholding, chi-square analysis, mutual information, and variance-based ranking. To capture latent behavioural patterns, a hybrid Gated Recurrent Unit and Temporal Convolutional Network (GRU-TCN) architecture is employed to model long- and short-term temporal dependencies. These representations are further refined using squeeze-and-excitation attention-enhanced TCN blocks. Finally, an XG-Fusion framework that combines GRU encoding, dilated residual TCNs, attention-based feature fusion, and focal-loss optimisation is introduced to address class imbalance, with XGBoost serving as a meta-classifier for final decision-making.

Findings: Experimental evaluations on multiple benchmark datasets demonstrate that the proposed framework consistently outperforms traditional machine learning and baseline deep learning models in accuracy, precision, recall, F1-score, and ROC AUC. The hierarchical, attention-driven architecture effectively abstracts malicious behavioural patterns and improves generalisation to previously unseen malware variants.

Originality: This work introduces a novel multi-stage hybrid deep learning architecture that combines sequential behavioural modelling, attention-enhanced feature learning, and ensemble-based classification. The proposed approach offers a forward-looking and reliable solution for proactive detection of ransomware and zero-day malware threats.
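The feature-selection stage of the pipeline described above (variance filtering, correlation thresholding to remove redundant columns, and mutual-information ranking to remove irrelevant ones), as an added stand-alone Python example; this is not the paper's code, and the per-process behavioural counters, column names and thresholds are constructed for illustration. Chi-square ranking and the GRU-TCN, attention and XGBoost stages are not included.

```python
import math

# Constructed per-process behavioural counters (illustrative, not the paper's data).
# Columns: files_renamed, bytes_written_kb, cpu_ticks, constant_flag
X = [[2, 5, 50, 1], [5, 10, 90, 1], [3, 7, 70, 1], [4, 8, 60, 1],
     [80, 165, 80, 1], [120, 235, 40, 1], [95, 192, 65, 1], [150, 305, 75, 1]]
y = [0, 0, 0, 0, 1, 1, 1, 1]  # 0 = benign, 1 = ransomware-like

def variance(col):
    m = sum(col) / len(col)
    return sum((v - m) ** 2 for v in col) / len(col)

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (z - mb) for x, z in zip(a, b))
    da = math.sqrt(sum((x - ma) ** 2 for x in a))
    db = math.sqrt(sum((z - mb) ** 2 for z in b))
    return cov / (da * db) if da and db else 0.0

def binarise(col):
    # Median split so a continuous counter can enter a discrete MI estimate.
    med = sorted(col)[len(col) // 2]
    return [1 if v >= med else 0 for v in col]

def mutual_information(col, labels):
    xb, n, mi = binarise(col), len(col), 0.0
    for a in (0, 1):
        for b in (0, 1):
            pab = sum(1 for x, l in zip(xb, labels) if x == a and l == b) / n
            pa, pb = xb.count(a) / n, labels.count(b) / n
            if pab > 0:
                mi += pab * math.log2(pab / (pa * pb))
    return mi

def select_features(X, y, var_min=1e-9, corr_max=0.95, mi_min=0.1):
    cols = list(zip(*X))
    # Stage 1: drop near-constant columns (variance-based filtering).
    keep = [i for i, c in enumerate(cols) if variance(c) > var_min]
    # Stage 2: drop the later member of any almost-collinear pair (redundancy).
    dropped = set()
    for i in keep:
        for j in keep:
            if j > i and i not in dropped and j not in dropped \
                    and abs(pearson(cols[i], cols[j])) > corr_max:
                dropped.add(j)
    keep = [i for i in keep if i not in dropped]
    # Stage 3: rank survivors by mutual information with the label (relevance).
    scored = sorted(((mutual_information(cols[i], y), i) for i in keep), reverse=True)
    return [i for mi, i in scored if mi >= mi_min]
```

On the constructed sample, bytes_written_kb is dropped as redundant with files_renamed, cpu_ticks carries no label information, and constant_flag has zero variance, so only column 0 survives.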
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.