Detection of ransomware attacks using federated learning based on the CNN model
Hong-Nhung Nguyen, Ha-Thanh Nguyen, Damien Lescos
TL;DR
This work tackles ransomware detection in cyber-physical systems by proposing a privacy-preserving, image-based CNN classifier trained via federated learning. It converts PE binaries into 300x300 grayscale images and uses a compact CNN architecture to distinguish normal from ransomware data, while federated training across multiple clients preserves data privacy. Experiments show high performance, with a CNN baseline achieving near-perfect training/validation accuracy and federated training yielding strong class-wise metrics under realistic privacy constraints. The approach offers a scalable framework for distributed ransomware detection in smart-grid contexts, balancing detection effectiveness with data privacy.
Abstract
Computing is still under a significant threat from ransomware, which necessitates prompt action to prevent it. Ransomware attacks can have a negative impact on how smart grids, particularly digital substations. In addition to examining a ransomware detection method using artificial intelligence (AI), this paper offers a ransomware attack modeling technique that targets the disrupted operation of a digital substation. The first, binary data is transformed into image data and fed into the convolution neural network model using federated learning. The experimental findings demonstrate that the suggested technique detects ransomware with a high accuracy rate.