A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures
Michael Mannon, Evan Statham, Quentin Featherstone, Sebastian Arkwright, Clive Fenwick, Gareth Willoughby

TL;DR
This paper presents a novel entropy-based computational framework that analyzes multi-domain system variations to detect ransomware by identifying malicious encryption behaviors through entropy deviations, demonstrating high accuracy and efficiency.
Contribution
It introduces a cross-domain entropy signature model and a mathematical approach for real-time ransomware detection, advancing existing methods by integrating multi-domain entropy analysis.
Findings
High detection accuracy across diverse ransomware families
Low false positive rates in experimental evaluations
Minimal processing overhead suitable for real-time deployment
Abstract
Detecting encryption-driven cyber threats remains a large challenge due to the evolving techniques employed to evade traditional detection mechanisms. An entropy-based computational framework was introduced to analyze multi-domain system variations, enabling the identification of malicious encryption behaviors through entropy deviations. By integrating entropy patterns across file operations, memory allocations, and network transmissions, a detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts. A mathematical model was formulated to quantify entropy dynamics, incorporating time-dependent variations and weighted domain contributions to enhance anomaly detection. Experimental evaluations demonstrated that the proposed approach achieved high accuracy across diverse ransomware families while maintaining low false positive rates.…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Information and Cyber Security
