A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures

• URL: http://arxiv.org/abs/2502.10711v1
• Date: Sat, 15 Feb 2025 07:50:55 GMT
• Title: A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures
• Authors: Michael Mannon, Evan Statham, Quentin Featherstone, Sebastian Arkwright, Clive Fenwick, Gareth Willoughby,
• Abstract summary: An entropy-based computational framework was introduced to analyze multi-domain system variations. A detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts.
• Score: 0.0
• License:
• Abstract: Detecting encryption-driven cyber threats remains a large challenge due to the evolving techniques employed to evade traditional detection mechanisms. An entropy-based computational framework was introduced to analyze multi-domain system variations, enabling the identification of malicious encryption behaviors through entropy deviations. By integrating entropy patterns across file operations, memory allocations, and network transmissions, a detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts. A mathematical model was formulated to quantify entropy dynamics, incorporating time-dependent variations and weighted domain contributions to enhance anomaly detection. Experimental evaluations demonstrated that the proposed approach achieved high accuracy across diverse ransomware families while maintaining low false positive rates. Computational efficiency analysis indicated minimal processing overhead, suggesting feasibility for real-time implementation in security-sensitive environments. The study highlighted entropy fluctuations as a useful indicator for identifying malicious encryption processes, reinforcing entropy-driven methodologies as a viable component of cybersecurity strategies.

Related papers

• Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework [0.0]
  Monitoring entropy variations offers an alternative approach to identifying unauthorized data modifications. A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions. evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy.
  arXiv  Detail & Related papers  (2025-02-12T23:29:06Z)
• Decentralized Entropy-Driven Ransomware Detection Using Autonomous Neural Graph Embeddings [0.0]
  The framework operates on a distributed network of nodes, eliminating single points of failure and enhancing resilience against targeted attacks. The integration of graph-based modeling and machine learning techniques enables the framework to capture complex system interactions. Case studies validate its effectiveness in real-world scenarios, showcasing its ability to detect and mitigate ransomware attacks within minutes of their initiation.
  arXiv  Detail & Related papers  (2025-02-11T11:59:10Z)
• Hierarchical Entropic Diffusion for Ransomware Detection: A Probabilistic Approach to Behavioral Anomaly Isolation [0.0]
  This paper introduces a structured entropy-based anomaly classification mechanism. It tracks fluctuations in entropy evolution to differentiate between benign cryptographic processes and unauthorized encryption attempts. It maintains high classification accuracy across diverse ransomware families, outperforming traditional-based and signature-driven approaches.
  arXiv  Detail & Related papers  (2025-02-06T08:55:11Z)
• Entropy-Synchronized Neural Hashing for Unsupervised Ransomware Detection [0.0]
  The Entropy-Synchronized Neural Hashing (ESNH) framework uses entropy-driven hash representations to classify software binaries. The model generates robust and unique hash values that maintain stability even when faced with polymorphic and metamorphic transformations.
  arXiv  Detail & Related papers  (2025-01-30T04:40:57Z)
• Hierarchical Pattern Decryption Methodology for Ransomware Detection Using Probabilistic Cryptographic Footprints [0.0]
  The framework combines advanced clustering algorithms with machine learning to isolate ransomware-induced anomalies. It effectively distinguishes malicious encryption operations from benign activities while maintaining low false positive rates. The inclusion of real-time anomaly evaluation ensures rapid response capabilities, addressing critical latency challenges in ransomware detection.
  arXiv  Detail & Related papers  (2025-01-25T05:26:17Z)
• Open-Set Deepfake Detection: A Parameter-Efficient Adaptation Method with Forgery Style Mixture [58.60915132222421]
  We introduce an approach that is both general and parameter-efficient for face forgery detection. We design a forgery-style mixture formulation that augments the diversity of forgery source domains. We show that the designed model achieves state-of-the-art generalizability with significantly reduced trainable parameters.
  arXiv  Detail & Related papers  (2024-08-23T01:53:36Z)
• GIT: Detecting Uncertainty, Out-Of-Distribution and Adversarial Samples using Gradients and Invariance Transformations [77.34726150561087]
  We propose a holistic approach for the detection of generalization errors in deep neural networks. GIT combines the usage of gradient information and invariance transformations. Our experiments demonstrate the superior performance of GIT compared to the state-of-the-art on a variety of network architectures.
  arXiv  Detail & Related papers  (2023-07-05T22:04:38Z)
• Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  arXiv  Detail & Related papers  (2022-03-25T19:57:19Z)
• Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv  Detail & Related papers  (2021-01-28T16:38:26Z)
• A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning [122.49765136434353]
  We present an effective method, called Hamiltonian Monte Carlo with Accumulated Momentum (HMCAM), aiming to generate a sequence of adversarial examples. We also propose a new generative method called Contrastive Adversarial Training (CAT), which approaches equilibrium distribution of adversarial examples. Both quantitative and qualitative analysis on several natural image datasets and practical systems have confirmed the superiority of the proposed algorithm.
  arXiv  Detail & Related papers  (2020-10-15T16:07:26Z)
• Scalable Backdoor Detection in Neural Networks [61.39635364047679]
  Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch. We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types. In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the art method.
  arXiv  Detail & Related papers  (2020-06-10T04:12:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.