Introducing Dynamic Entropy Layer Profiling: A Novel Approach for Ransomware Detection through Behavioral Feature Analysis
Abstract
The persistent evolution of cyber threats necessitates innovative detection frameworks capable of addressing complex ransomware behaviors that evade traditional security systems. Dynamic Entropy Layer Profiling (DELP) introduces a behavior-based approach centered on entropy profiling across multiple file system layers, capturing distinctive shifts in data structure indicative of ransomware encryption. Through real-time entropy analysis, DELP accurately identifies ransomware activity by observing abrupt entropy increases associated with malicious encryption, distinguishing these anomalies from benign operations that also involve high-entropy processes. DELP’s layered structure and adaptive thresholding significantly reduce false positives and negatives, a common limitation in static and heuristic-based systems when handling polymorphic and obfuscated ransomware strains. Extensive testing demonstrated DELP’s resilience and efficiency, maintaining high detection accuracy across diverse ransomware samples while preserving computational efficiency in real-time scenarios. This approach not only enhances specificity in differentiating ransomware from legitimate encryption activities but also illustrates the potential of entropy-based behavioral analysis in elevating ransomware defenses. The findings indicate that DELP’s novel entropy profiling framework provides a valuable addition to current ransomware detection methodologies, offering robustness and precision in countering advanced ransomware attacks.
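A minimal sketch of the idea the abstract describes, added here as an illustration and not taken from the paper: it scores each overwrite by the change in Shannon entropy and alerts only on a sustained run of jumps above an adaptive threshold. The class name, the parameters (`min_jump`, `k`, `alpha`, `streak`) and the sample data are assumptions, since the abstract does not specify DELP's layers or thresholds.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class EntropyShiftDetector:
    """Per-process monitor of entropy change per overwrite (assumed design, not DELP's)."""

    def __init__(self, min_jump=2.0, k=3.0, alpha=0.2, streak=3):
        self.min_jump, self.k, self.alpha, self.streak = min_jump, k, alpha, streak
        self.mean = self.var = 0.0   # running baseline of benign entropy deltas
        self.run = 0                 # consecutive anomalous overwrites

    def observe(self, before: bytes, after: bytes) -> bool:
        # Delta, not absolute entropy: rewriting compressed data scores near 0.
        delta = shannon_entropy(after) - shannon_entropy(before)
        threshold = max(self.min_jump, self.mean + self.k * math.sqrt(self.var))
        if delta > threshold:
            self.run += 1
        else:
            self.run = 0
            d = delta - self.mean    # learn only from non-anomalous writes
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        return self.run >= self.streak

def first_alert(events):
    """Index of the overwrite that triggers an alert, or None."""
    det = EntropyShiftDetector()
    for i, (before, after) in enumerate(events):
        if det.observe(before, after):
            return i
    return None

def pseudo_random(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext or archives."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

# Constructed sample data: (content before overwrite, content after overwrite).
TEXT = b"Quarterly report: revenue, costs and forecast for the region.\n" * 64
EDITED = TEXT.replace(b"region", b"market")
BACKUP = [(pseudo_random(b"a"), pseudo_random(b"b"))] * 5   # archive rewritten in place
OFFICE = [(TEXT, EDITED), (TEXT, pseudo_random(b"z")), (EDITED, TEXT)] * 2
MASS_ENCRYPT = [(TEXT, EDITED)] * 2 + [(TEXT, pseudo_random(bytes([i]))) for i in range(4)]
```

`first_alert(BACKUP)` and `first_alert(OFFICE)` return `None` because high-entropy rewrites and isolated exports never form a streak, while `first_alert(MASS_ENCRYPT)` fires on the third consecutive low-to-high overwrite.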