Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework
- URL: http://arxiv.org/abs/2502.08843v1
- Date: Wed, 12 Feb 2025 23:29:06 GMT
- Title: Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework
- Authors: Hayden Srynn, Gilbert Pomeroy, Florence Lytton, Godfrey Ashcombe, Valentine Harcourt, Duncan Pettigrew
- Abstract summary: Monitoring entropy variations offers an alternative approach to identifying unauthorized data modifications. A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions. Evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The rapid evolution of encryption-based threats has rendered conventional detection mechanisms increasingly ineffective against sophisticated attack strategies. Monitoring entropy variations across hierarchical system levels offers an alternative approach to identifying unauthorized data modifications without relying on static signatures. A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions, capturing behavioral anomalies indicative of malicious encryption operations. Evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy while maintaining minimal computational overhead. Entropy distributions across different system directories revealed that encryption activities predominantly targeted user-accessible files, aligning with observed attacker strategies. Detection latency analysis indicated that early-stage identification was feasible, mitigating potential data loss before critical system impact occurred. The framework's ability to operate efficiently in real-time environments was validated through an assessment of resource utilization, confirming a balanced trade-off between detection precision and computational efficiency. Comparative benchmarking against established detection methods highlighted the limitations of conventional approaches in identifying novel ransomware variants, whereas entropy-based anomaly detection provided resilience against obfuscation techniques.
Related papers
- Lie Detector: Unified Backdoor Detection via Cross-Examination Framework [68.45399098884364]
We propose a unified backdoor detection framework in the semi-honest setting.
Our method achieves superior detection performance, improving accuracy by 5.4%, 1.6%, and 11.9% over SoTA baselines.
Notably, it is the first to effectively detect backdoors in multimodal large language models.
arXiv Detail & Related papers (2025-03-21T06:12:06Z)
- Robust Distribution Alignment for Industrial Anomaly Detection under Distribution Shift [51.24522135151649]
Anomaly detection plays a crucial role in quality control for industrial applications.
Existing methods attempt to address domain shifts by training generalizable models.
Our proposed method demonstrates superior results compared with state-of-the-art anomaly detection and domain adaptation methods.
arXiv Detail & Related papers (2025-03-19T05:25:52Z)
- A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures [0.0]
An entropy-based computational framework was introduced to analyze multi-domain system variations.
A detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts.
arXiv Detail & Related papers (2025-02-15T07:50:55Z)
- Decentralized Entropy-Driven Ransomware Detection Using Autonomous Neural Graph Embeddings [0.0]
The framework operates on a distributed network of nodes, eliminating single points of failure and enhancing resilience against targeted attacks. The integration of graph-based modeling and machine learning techniques enables the framework to capture complex system interactions. Case studies validate its effectiveness in real-world scenarios, showcasing its ability to detect and mitigate ransomware attacks within minutes of their initiation.
arXiv Detail & Related papers (2025-02-11T11:59:10Z)
- Hierarchical Polysemantic Feature Embedding for Autonomous Ransomware Detection [0.0]
The evolution of ransomware requires the development of more sophisticated detection techniques. The proposed framework embeds ransomware-relevant features into a non-Euclidean space. Experimental evaluations demonstrated that the framework consistently outperformed conventional machine learning-based models. The proposed method maintains a balance between detection performance and processing overhead, making it a viable candidate for real-world cybersecurity applications.
arXiv Detail & Related papers (2025-02-09T21:46:36Z)
- Hierarchical Entropic Diffusion for Ransomware Detection: A Probabilistic Approach to Behavioral Anomaly Isolation [0.0]
This paper introduces a structured entropy-based anomaly classification mechanism. It tracks fluctuations in entropy evolution to differentiate between benign cryptographic processes and unauthorized encryption attempts. It maintains high classification accuracy across diverse ransomware families, outperforming traditional-based and signature-driven approaches.
arXiv Detail & Related papers (2025-02-06T08:55:11Z)
- Semantic Entanglement-Based Ransomware Detection via Probabilistic Latent Encryption Mapping [0.0]
Probabilistic Latent Encryption Mapping models encryption behaviors through statistical representations of entropy deviations and probabilistic dependencies in execution traces. Evaluations demonstrate that entropy-driven classification reduces false positive rates while maintaining high detection accuracy across diverse ransomware families and encryption methodologies. The ability to systematically infer encryption-induced deviations without requiring static attack signatures strengthens detection against adversarial evasion techniques.
arXiv Detail & Related papers (2025-02-04T21:27:58Z)
- Hierarchical Pattern Decryption Methodology for Ransomware Detection Using Probabilistic Cryptographic Footprints [0.0]
The framework combines advanced clustering algorithms with machine learning to isolate ransomware-induced anomalies. It effectively distinguishes malicious encryption operations from benign activities while maintaining low false positive rates. The inclusion of real-time anomaly evaluation ensures rapid response capabilities, addressing critical latency challenges in ransomware detection.
arXiv Detail & Related papers (2025-01-25T05:26:17Z)
- How adversarial attacks can disrupt seemingly stable accurate classifiers [76.95145661711514]
Adversarial attacks dramatically change the output of an otherwise accurate learning system using a seemingly inconsequential modification to a piece of input data.
Here, we show that this may be seen as a fundamental feature of classifiers working with high dimensional input data.
We introduce a simple generic and generalisable framework for which key behaviours observed in practical systems arise with high probability.
arXiv Detail & Related papers (2023-09-07T12:02:00Z)
- Spatial-Frequency Discriminability for Revealing Adversarial Perturbations [53.279716307171604]
Vulnerability of deep neural networks to adversarial perturbations has been widely perceived in the computer vision community.
Current algorithms typically detect adversarial patterns through discriminative decomposition for natural and adversarial data.
We propose a discriminative detector relying on a spatial-frequency Krawtchouk decomposition.
arXiv Detail & Related papers (2023-05-18T10:18:59Z)
- Self-Supervised Training with Autoencoders for Visual Anomaly Detection [61.62861063776813]
We focus on a specific use case in anomaly detection where the distribution of normal samples is supported by a lower-dimensional manifold.
We adapt a self-supervised learning regime that exploits discriminative information during training but focuses on the submanifold of normal examples.
We achieve a new state-of-the-art result on the MVTec AD dataset -- a challenging benchmark for visual anomaly detection in the manufacturing domain.
arXiv Detail & Related papers (2022-06-23T14:16:30Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
- No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system.
We analyze four anomaly detectors published at top security conferences.
arXiv Detail & Related papers (2020-12-07T11:02:44Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false alarm rate, and recall.
arXiv Detail & Related papers (2020-08-05T19:29:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.