The aim of this study is to propose and evaluate an advanced ransomware detection and classification method that combines a Stacked Autoencoder (SAE) for precise feature selection with a Long Short-Term Memory (LSTM) classifier to enhance ransomware stratification accuracy. The proposed approach involves thorough preprocessing of the UGRansome dataset and training an unsupervised SAE for optimal feature selection, or fine-tuning via supervised learning, to elevate the LSTM model's classification capabilities. The study analyzes the autoencoder's learned weights and activations to identify the features essential for distinguishing ransomware families from other malware, and creates a streamlined feature set for precise classification. Extensive experiments, including up to 400 epochs and varying learning rates, are conducted to optimize the model's performance. The results demonstrate the outstanding performance of the SAE-LSTM model across all ransomware families, with high precision, recall, and F1-score values that underscore its robust classification capabilities. Furthermore, balanced average scores affirm the proposed model's ability to generalize effectively across various malware types. The proposed model achieves an exceptional 99% accuracy in ransomware classification, surpassing the Extreme Gradient Boosting (XGBoost) algorithm primarily due to its effective SAE feature selection mechanism. The model also demonstrates outstanding performance in identifying signature attacks, achieving a 98% accuracy rate.