Ransomware Attack Detection Using CPU And Disk Activity Data
Keywords:
Deep Learning, disk statistics, hardware performance counters, machine learning, ransomware, virtual machinesAbstract
Ransomware is a danger to data security since
it frequently avoids detection by using conventional
techniques that depend on statistical analysis and processlevel
monitoring. A ransomware detection system for virtual
machines (VMs) that is both effective and lightweight is
presented in this paper. The method avoids intrusive
monitoring and reduces overhead by gathering system-level
data—specifically, disk I/O metrics and CPU operations—
from the host environment instead of inside each virtual
machine. The data is analyzed using a Random Forest (RF)
machine learning classifier, which reliably differentiates
between harmful and benign behavior. By reducing false
positives, this technique improves resilience to changes in
user workloads. 22 ransomware samples and a dataset of
numerous normal user behaviors are used to assess the
suggested method, which shows excellent detection accuracy
and flexibility in changing settings. This approach reduces
false positives and improves robustness to changes in user
demands. A dataset of 22 ransomware samples and several
authentic user activities is used to assess the suggested
method, which shows excellent detection accuracy and
flexibility in changing settings. This methodology offers a
reliable, scalable, and non-intrusive method for ransomware
detection in virtualized infrastructures by concentrating on
overall system behavior rather than process inspection.
