A Hybrid Deep Learning Model for Enhanced Detection of Zero-Day and Ransomware Attacks

Journal of Cybersecurity and Information Management JCIM 2690-6775 2769-7851 10.54216/JCIM https://www.americaspg.com/journals/show/4252 2019 2019 A Hybrid Deep Learning Model for Enhanced Detection of Zero-Day and Ransomware Attacks Department of Cybersecurity, College of Information Technology, University of Babylon, Hillah, 51002, Babylon, Iraq Mohammed Mohammed College of Information Technology, University of Babylon, Hillah, 51002, Babylon, Iraq Aladdin Abdulhassan College of Engineering, Al-Nahrain University, Baghdad, Iraq Abdullah Yousif Lafta Al-Department of Computer Techniques Engineering, AlSafwa University College, Karbala, Iraq Hussein Ibrahim Hussein Department of Cybersecurity, College of Information Technology, University of Babylon, Hillah, 51002, Babylon, Iraq Ali Z. K. Matloob The increasing sophistication of ransomware and zero-day attacks demands advanced intrusion detection systems. This paper proposes a hybrid deep learning model that combines Temporal Convolutional Networks (TCN) and Long Short-Term Memory (LSTM) networks, augmented with Principal Component Analysis (PCA) for feature selection. Evaluated on the UGRansome dataset, our hybrid TCN-LSTM-PCA model achieves superior performance compared to standalone LSTM, TCN-PCA, and LSTM-PCA baselines, attaining 98.82% accuracy (a 4.09 percentage-point improvement over LSTM-PCA) and 0.99 F1-score across all attack classes while maintaining computational efficiency at 13 seconds per epoch. The architecture’s effectiveness stems from its synergistic design: TCN layers capture local temporal patterns in network traffic, while LSTM modules model long-range attack sequences. PCA preprocessing reduces feature dimensionality by 83%, retaining seven critical indicators including Netflow Bytes and Protocol flags that collectively explain 92% of variance. Experimental results demonstrate exceptional robustness, with only 0.18% misclassification between attack categories and consistent performance across ransomware variants. This study sets a new state of the art in real-time threat detection, delivering an efficient hybrid architecture that satisfies practical deployment constraints while achieving 98.82% accuracy and 0.99 precision, thereby striking a strong accuracy–efficiency balance. 2026 2026 10.54216/JCIM.170217 https://www.americaspg.com/articleinfo/2/show/4252