Hierarchical Polysemantic Feature Embedding for Autonomous Ransomware Detection

TL;DR

This paper introduces a hierarchical hyperbolic embedding framework for ransomware detection that captures behavioral dependencies, improving accuracy and robustness against obfuscation and polymorphism in malware detection.

Contribution

The novel hierarchical polysemantic feature embedding approach leverages hyperbolic space to enhance ransomware detection, outperforming traditional models in accuracy and adaptability.

Findings

Outperforms conventional machine learning models in detection accuracy.

Maintains low false positive rates across diverse ransomware variants.

Effective against obfuscation, polymorphism, and delayed execution techniques.

Abstract

The evolution of ransomware requires the development of more sophisticated detection methodologies capable of identifying malicious behaviors beyond traditional signature-based and heuristic techniques. The proposed Hierarchical Polysemantic Feature Embedding framework introduces a structured approach to ransomware detection through hyperbolic feature representations that capture hierarchical dependencies within executable behaviors. By embedding ransomware-relevant features into a non-Euclidean space, the framework maintains a well-defined decision boundary, ensuring improved generalization across previously unseen ransomware variants. Experimental evaluations demonstrated that the framework consistently outperformed conventional machine learning-based models, achieving higher detection accuracy while maintaining low false positive rates. The structured clustering mechanism employed within the hyperbolic space enabled robust classification even in the presence of obfuscation techniques, delayed execution strategies, and polymorphic transformations. Comparative analysis highlighted the limitations of existing detection frameworks, particularly in their inability to dynamically adapt to evolving ransomware tactics. Computational efficiency assessments indicated that the proposed method maintained a balance between detection performance and processing overhead, making it a viable candidate for real-world cybersecurity applications. The ability to detect emerging ransomware families without requiring extensive retraining demonstrated the adaptability of hierarchical embeddings in security analytics.