Open Access
ARTICLE
Oversampling-Enhanced Feature Fusion-Based Hybrid ViT-1DCNN Model for Ransomware Cyber Attack Detection
1 Department of Computer and Information System, Cleveland State University, Ohio, 44115, USA
2 Department of Electrical, Electronics and Computer Systems, College of Engineering and Technology, University of Sargodha, Sargodha, 40100, Pakistan
3 Electrical Engineering Department, College of Engineering, Najran University, Najran, 61441, Saudi Arabia
4 Department of Mechanical Engineering, College of Engineering, King Faisal University, Al Ahsa, 31982, Saudi Arabia
5 Department of Mechanical, Industrial and Energy System Engineering, University of Sargodha, Sargodha, 40100, Pakistan
* Corresponding Author: Zohaib Mushtaq. Email:
(This article belongs to the Special Issue: Emerging Technologies in Information Security )
Computer Modeling in Engineering & Sciences 2025, 142(2), 1667-1695. https://doi.org/10.32604/cmes.2024.056850
Received 01 August 2024; Accepted 13 December 2024; Issue published 27 January 2025
Abstract
Ransomware attacks pose a significant threat to critical infrastructures, demanding robust detection mechanisms. This study introduces a hybrid model that combines vision transformer (ViT) and one-dimensional convolutional neural network (1DCNN) architectures to enhance ransomware detection capabilities. Addressing common challenges in ransomware detection, particularly dataset class imbalance, the synthetic minority oversampling technique (SMOTE) is employed to generate synthetic samples for minority class, thereby improving detection accuracy. The integration of ViT and 1DCNN through feature fusion enables the model to capture both global contextual and local sequential features, resulting in comprehensive ransomware classification. Tested on the UNSW-NB15 dataset, the proposed ViT-1DCNN model achieved 98% detection accuracy with precision, recall, and F1-score metrics surpassing conventional methods. This approach not only reduces false positives and negatives but also offers scalability and robustness for real-world cybersecurity applications. The results demonstrate the model’s potential as an effective tool for proactive ransomware detection, especially in environments where evolving threats require adaptable and high-accuracy solutions.Keywords
Cite This Article

This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.