A Hybrid Deep Learning Model for Enhanced Detection of Zero-Day
and Ransomware Attacks
Mohammed Ibrahim Kareem1,∗, Aladdin Abdulhassan2, Abdullah Yousif Lafta3,
Hussein Ibrahim Hussein4, Ali Z. K. Matloob1
1Department of Cybersecurity, College of Information Technology, University of Babylon, Hillah, 51002,
Babylon, Iraq
2College of Information Technology, University of Babylon, Hillah, 51002, Babylon, Iraq
3College of Engineering, Al-Nahrain University, Baghdad, Iraq
4Al-Department of Computer Techniques Engineering, AlSafwa University College, Karbala, Iraq
Emails: mohamed.ibrahim@uobabylon.edu.iq; Aladdin.alsharifi@uobabylon.edu.iq;
abdullah.yousif@nahrainuniv.edu.iq; hussein.sarhan@alsafwa.edu.iq; ali.zuhair@uobabylon.edu.iq
Abstract
The increasing sophistication of ransomware and zero-day attacks demands advanced intrusion detection
systems. This paper proposes a hybrid deep learning model that combines Temporal Convolutional Networks
(TCN) and Long Short-Term Memory (LSTM) networks, augmented with Principal Component Analysis
(PCA) for feature selection. Evaluated on the UGRansome dataset, our hybrid TCN-LSTM-PCA model
achieves superior performance compared to standalone LSTM, TCN-PCA, and LSTM-PCA baselines,
attaining 98.82% accuracy (a 4.09 percentage-point improvement over LSTM-PCA) and 0.99 F1-score across
all attack classes while maintaining computational efficiency at 13 seconds per epoch. The architecture’s
effectiveness stems from its synergistic design: TCN layers capture local temporal patterns in network traffic,
while LSTM modules model long-range attack sequences. PCA preprocessing reduces feature
dimensionality by 83%, retaining seven critical indicators including Netflow Bytes and Protocol flags that collectively
explain 92% of variance. Experimental results demonstrate exceptional robustness, with only 0.18%
misclassification between attack categories and consistent performance across ransomware variants. This study sets a
new state of the art in real-time threat detection, delivering an efficient hybrid architecture that satisfies
practical deployment constraints while achieving 98.82% accuracy and 0.99 precision, thereby striking a strong
accuracy–efficiency balance.
Keywords: Hybrid Deep Learning; Ransomware Detection; Zero-Day Attacks; Temporal Convolutional
Networks (TCN); Long Short-Term Memory (LSTM)