Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework
Journal: arXiv
Published Date: Feb 12, 2025
Abstract
The rapid evolution of encryption-based threats has rendered conventional
detection mechanisms increasingly ineffective against sophisticated attack
strategies. Monitoring entropy variations across hierarchical system levels
offers an alternative approach to identifying unauthorized data modifications
without relying on static signatures. A framework leveraging hierarchical
entropy disruption was introduced to analyze deviations in entropy
distributions, capturing behavioral anomalies indicative of malicious
encryption operations. Evaluating the framework across multiple ransomware
variants demonstrated its capability to achieve high detection accuracy while
maintaining minimal computational overhead. Entropy distributions across
different system directories revealed that encryption activities predominantly
targeted user-accessible files, aligning with observed attacker strategies.
Detection latency analysis indicated that early-stage identification was
feasible, mitigating potential data loss before critical system impact
occurred. The framework's ability to operate efficiently in real-time
environments was validated through an assessment of resource utilization,
confirming a balanced trade-off between detection precision and computational
efficiency. Comparative benchmarking against established detection methods
highlighted the limitations of conventional approaches in identifying novel
ransomware variants, whereas entropy-based anomaly detection provided
resilience against obfuscation techniques.
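
The abstract does not spell out the algorithm, so the following is an added illustration of the general idea (per-directory entropy compared against a baseline), not the paper's implementation. The function names, the 1.5 bits/byte threshold and the in-memory snapshots are assumptions made for this sketch.

```python
import hashlib
import math
from collections import Counter, defaultdict
from pathlib import PurePosixPath

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def level_entropy(snapshot: dict) -> dict:
    """Mean file entropy per directory, each file counted in all its ancestors."""
    per_dir = defaultdict(list)
    for path, content in snapshot.items():
        h = shannon_entropy(content)
        for parent in PurePosixPath(path).parents:
            per_dir[str(parent)].append(h)
    return {d: sum(v) / len(v) for d, v in per_dir.items()}

def disrupted_levels(baseline: dict, current: dict, min_rise: float = 1.5) -> list:
    """Directories whose mean entropy rose by >= min_rise bits/byte, deepest first."""
    # min_rise is an assumed threshold for this sketch, not a value from the paper.
    before, after = level_entropy(baseline), level_entropy(current)
    hits = [d for d in after if d in before and after[d] - before[d] >= min_rise]
    return sorted(hits, key=lambda d: (-len(PurePosixPath(d).parts), d))

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))

# Constructed snapshots (path -> content): two user files and one system file.
BASELINE = {
    "/home/alice/docs/report.txt": b"quarterly report draft\n" * 200,
    "/home/alice/pics/notes.txt": b"meeting notes: budget review\n" * 150,
    "/usr/lib/libx.so": bytes(range(64)) * 64,
}
# Same tree after the user files were overwritten with high-entropy data.
CURRENT = dict(BASELINE)
CURRENT["/home/alice/docs/report.txt"] = pseudo_ciphertext(b"a")
CURRENT["/home/alice/pics/notes.txt"] = pseudo_ciphertext(b"b")

if __name__ == "__main__":
    for d in disrupted_levels(BASELINE, CURRENT):
        print(d)
```

Listing the deepest directories first localizes the change to the user-accessible subtrees, while the unchanged system path is not reported. Compressed or already-encrypted legitimate files also have high entropy, which is why the sketch compares against a baseline rather than using an absolute cutoff.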