Hierarchical Entropic Diffusion for Ransomware Detection: A Probabilistic Approach to Behavioral Anomaly Isolation
- URL: http://arxiv.org/abs/2502.03882v1
- Date: Thu, 06 Feb 2025 08:55:11 GMT
- Title: Hierarchical Entropic Diffusion for Ransomware Detection: A Probabilistic Approach to Behavioral Anomaly Isolation
- Authors: Vasili Iskorohodov, Maximilian Ravensdale, Matthias von Holstein, Hugo Petrovic, Adrian Yardley
- Abstract summary: This paper introduces a structured entropy-based anomaly classification mechanism. It tracks fluctuations in entropy evolution to differentiate between benign cryptographic processes and unauthorized encryption attempts. It maintains high classification accuracy across diverse ransomware families, outperforming traditional heuristic-based and signature-driven approaches.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The increasing complexity of cryptographic extortion techniques has necessitated the development of adaptive detection frameworks capable of identifying adversarial encryption behaviors without reliance on predefined signatures. Hierarchical Entropic Diffusion (HED) introduces a structured entropy-based anomaly classification mechanism that systematically tracks fluctuations in entropy evolution to differentiate between benign cryptographic processes and unauthorized encryption attempts. The integration of hierarchical clustering, entropy profiling, and probabilistic diffusion modeling refines detection granularity, ensuring that encryption anomalies are identified despite obfuscation strategies or incremental execution methodologies. Experimental evaluations demonstrated that HED maintained high classification accuracy across diverse ransomware families, outperforming traditional heuristic-based and signature-driven approaches while reducing false positive occurrences. Comparative analysis highlighted that entropy-driven anomaly segmentation improved detection efficiency under variable system workload conditions, ensuring real-time classification feasibility. The computational overhead associated with entropy anomaly detection remained within operational constraints, reinforcing the suitability of entropy-driven classification for large-scale deployment. The ability to identify adversarial entropy manipulations before encryption completion contributes to broader cybersecurity defenses, offering a structured methodology for isolating unauthorized cryptographic activities within heterogeneous computing environments. The results further emphasized that entropy evolution modeling facilitates predictive anomaly detection, enhancing resilience against encryption evasion techniques designed to circumvent traditional detection mechanisms.
Related papers
- Theoretical Insights in Model Inversion Robustness and Conditional Entropy Maximization for Collaborative Inference Systems [89.35169042718739]
Collaborative inference enables end users to leverage powerful deep learning models without exposure of sensitive raw data to cloud servers.
Recent studies have revealed that these intermediate features may not sufficiently preserve privacy, as information can be leaked and raw data can be reconstructed via model inversion attacks (MIAs).
This work first theoretically proves that the conditional entropy of inputs given intermediate features provides a guaranteed lower bound on the reconstruction mean square error (MSE) under any MIA.
Then, we derive a differentiable and solvable measure for bounding this conditional entropy based on the Gaussian mixture estimation and propose a conditional entropy algorithm to enhance the inversion robustness.
arXiv Detail & Related papers (2025-03-01T07:15:21Z)
- A Label-Free Heterophily-Guided Approach for Unsupervised Graph Fraud Detection [60.09453163562244]
We propose a Heterophily-guided Unsupervised Graph fraud dEtection approach (HUGE) for unsupervised GFD.
In the estimation module, we design a novel label-free heterophily metric called HALO, which captures the critical graph properties for GFD.
In the alignment-based fraud detection module, we develop a joint-GNN architecture with ranking loss and asymmetric alignment loss.
arXiv Detail & Related papers (2025-02-18T22:07:36Z)
- A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures [0.0]
An entropy-based computational framework was introduced to analyze multi-domain system variations.
A detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts.
arXiv Detail & Related papers (2025-02-15T07:50:55Z)
- Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework [0.0]
Monitoring entropy variations offers an alternative approach to identifying unauthorized data modifications.
A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions.
Evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy.
arXiv Detail & Related papers (2025-02-12T23:29:06Z)
- Neural Encrypted State Transduction for Ransomware Classification: A Novel Approach Using Cryptographic Flow Residuals [0.0]
An approach based on Neural Encrypted State Transduction (NEST) is introduced to analyze cryptographic flow residuals.
NEST maps state transitions dynamically, enabling high-confidence classification without requiring direct access to decrypted execution traces.
arXiv Detail & Related papers (2025-02-07T21:26:51Z)
- Semantic Entanglement-Based Ransomware Detection via Probabilistic Latent Encryption Mapping [0.0]
Probabilistic Latent Encryption Mapping models encryption behaviors through statistical representations of entropy deviations and probabilistic dependencies in execution traces.
Evaluations demonstrate that entropy-driven classification reduces false positive rates while maintaining high detection accuracy across diverse ransomware families and encryption methodologies.
The ability to systematically infer encryption-induced deviations without requiring static attack signatures strengthens detection against adversarial evasion techniques.
arXiv Detail & Related papers (2025-02-04T21:27:58Z)
- Spectral Entanglement Fingerprinting: A Novel Framework for Ransomware Detection Using Cross-Frequency Anomalous Waveform Signatures [0.0]
Malicious encryption techniques continue to evolve, bypassing conventional detection mechanisms.
Spectral analysis presents an alternative approach that transforms system activity data into the frequency domain.
The proposed Spectral Entanglement Fingerprinting (SEF) framework leverages power spectral densities, coherence functions, and entropy-based metrics to extract hidden patterns.
arXiv Detail & Related papers (2025-02-03T11:46:41Z)
- Hierarchical Cryptographic Signature Mapping for Ransomware Classification: A Structural Decomposition Approach [0.0]
A hierarchical classification framework designed to analyze structural cryptographic properties provides a novel approach to distinguishing malicious encryption.
The study examines how cryptographic feature mapping facilitates improved classification accuracy.
The layered structural analysis further enhances forensic investigations, enabling security analysts to dissect encryption to trace attack origins.
arXiv Detail & Related papers (2025-01-31T13:23:51Z)
- Entropy-Synchronized Neural Hashing for Unsupervised Ransomware Detection [0.0]
The Entropy-Synchronized Neural Hashing (ESNH) framework uses entropy-driven hash representations to classify software binaries.
The model generates robust and unique hash values that maintain stability even when faced with polymorphic and metamorphic transformations.
arXiv Detail & Related papers (2025-01-30T04:40:57Z)
- Hierarchical Pattern Decryption Methodology for Ransomware Detection Using Probabilistic Cryptographic Footprints [0.0]
The framework combines advanced clustering algorithms with machine learning to isolate ransomware-induced anomalies.
It effectively distinguishes malicious encryption operations from benign activities while maintaining low false positive rates.
The inclusion of real-time anomaly evaluation ensures rapid response capabilities, addressing critical latency challenges in ransomware detection.
arXiv Detail & Related papers (2025-01-25T05:26:17Z)
- Continual-MAE: Adaptive Distribution Masked Autoencoders for Continual Test-Time Adaptation [49.827306773992376]
Continual Test-Time Adaptation (CTTA) is proposed to migrate a source pre-trained model to continually changing target distributions.
Our proposed method attains state-of-the-art performance in both classification and segmentation CTTA tasks.
arXiv Detail & Related papers (2023-12-19T15:34:52Z)
- GIT: Detecting Uncertainty, Out-Of-Distribution and Adversarial Samples using Gradients and Invariance Transformations [77.34726150561087]
We propose a holistic approach for the detection of generalization errors in deep neural networks.
GIT combines the usage of gradient information and invariance transformations.
Our experiments demonstrate the superior performance of GIT compared to the state-of-the-art on a variety of network architectures.
arXiv Detail & Related papers (2023-07-05T22:04:38Z)
- Spatial-Frequency Discriminability for Revealing Adversarial Perturbations [53.279716307171604]
Vulnerability of deep neural networks to adversarial perturbations has been widely perceived in the computer vision community.
Current algorithms typically detect adversarial patterns through discriminative decomposition for natural and adversarial data.
We propose a discriminative detector relying on a spatial-frequency Krawtchouk decomposition.
arXiv Detail & Related papers (2023-05-18T10:18:59Z)
- Validation Diagnostics for SBI algorithms based on Normalizing Flows [55.41644538483948]
This work proposes easy to interpret validation diagnostics for multi-dimensional conditional (posterior) density estimators based on NF.
It also offers theoretical guarantees based on results of local consistency.
This work should help the design of better specified models or drive the development of novel SBI-algorithms.
arXiv Detail & Related papers (2022-11-17T15:48:06Z)
- Self-Supervised Training with Autoencoders for Visual Anomaly Detection [61.62861063776813]
We focus on a specific use case in anomaly detection where the distribution of normal samples is supported by a lower-dimensional manifold.
We adapt a self-supervised learning regime that exploits discriminative information during training but focuses on the submanifold of normal examples.
We achieve a new state-of-the-art result on the MVTec AD dataset -- a challenging benchmark for visual anomaly detection in the manufacturing domain.
arXiv Detail & Related papers (2022-06-23T14:16:30Z)
- ESAD: End-to-end Deep Semi-supervised Anomaly Detection [85.81138474858197]
We propose a new objective function that measures the KL-divergence between normal and anomalous data.
The proposed method significantly outperforms several state-of-the-arts on multiple benchmark datasets.
arXiv Detail & Related papers (2020-12-09T08:16:35Z)
- The Hidden Uncertainty in a Neural Networks Activations [105.4223982696279]
The distribution of a neural network's latent representations has been successfully used to detect out-of-distribution (OOD) data.
This work investigates whether this distribution correlates with a model's epistemic uncertainty, thus indicating its ability to generalise to novel inputs.
arXiv Detail & Related papers (2020-12-05T17:30:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.