Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework
Hayden Srynn, Gilbert Pomeroy, Florence Lytton, Godfrey Ashcombe, Valentine Harcourt, Duncan Pettigrew

TL;DR
This paper presents a hierarchical entropy disruption framework for ransomware detection that effectively identifies malicious encryption activities by analyzing entropy deviations across system levels, offering high accuracy with low computational cost.
Contribution
It introduces a novel entropy-based detection framework that captures behavioral anomalies at multiple system levels, improving early detection of ransomware variants over traditional methods.
Findings
High detection accuracy across multiple ransomware variants
Low computational overhead suitable for real-time deployment
Resilience against obfuscation techniques in ransomware detection
Abstract
The rapid evolution of encryption-based threats has rendered conventional detection mechanisms increasingly ineffective against sophisticated attack strategies. Monitoring entropy variations across hierarchical system levels offers an alternative approach to identifying unauthorized data modifications without relying on static signatures. A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions, capturing behavioral anomalies indicative of malicious encryption operations. Evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy while maintaining minimal computational overhead. Entropy distributions across different system directories revealed that encryption activities predominantly targeted user-accessible files, aligning with observed attacker strategies.…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Spam and Phishing Detection
