Real-Time Behavioral Analysis for Ransomware Response: A Framework Leveraging Machine Learning and Threat Intelligence Feeds

doi:10.23940/ijpe.25.11.p4.639650

Abstract

Abstract: Ransomware represents a critical and evolving threat to global cyber security, employing advanced dropout techniques that make traditional signature-based defenses ineffective. This article proposes a new structure for real-time behavioral analysis to respond to ransomware (R2BAR), which integrates machine learning with threat intelligence feeds to allow proactive detection and automated mitigation. The structure employs a set approach, combining a light gradient increase model (XGBoost) for an efficient initial screening and a short-term memory network (LSTM) for deep sequential analysis of API call patterns. It increases detection accuracy by dynamically correlating behavior with real-time threat intelligence. A critical innovation is the incorporation of an AI (XAI) component using Shape values, which generates transparent justifications for detection decisions, promoting confidence and allowing effective human supervision. Experimental evaluation shows that the structure reaches a 98.1% score and an area under the ROC curve of 0.998, maintaining a low of 2.35 seconds of response time (TTR), effectively interrupting encryption before significant data loss occurs. The results validate that the proposed solution addresses the main limitations of existing methods, balancing high accuracy, operational speed and interpretability, and providing a robust plan for next-generation autonomous ransomware defense systems.

Key words: ransomware detection, behavioral analysis, machine learning, threat intelligence, real-time response

Puneet Chauhan and Shashiraj Teotia. Real-Time Behavioral Analysis for Ransomware Response: A Framework Leveraging Machine Learning and Threat Intelligence Feeds [J]. Int J Performability Eng, 2025, 21(11): 639-650.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

[1] AlMajali A., Elmosalamy A., Safwat O., and Abouelela H., 2024. Adaptive ransomware detection using similarity-preserving hashing.Applied Sciences, 14(20), 9548.
[2] AlMajali A., Qaffaf A., Alkayid N., and Wadhawan Y., 2022. Crypto-ransomware detection using selective hashing. In2022 International Conference on Electrical and Computing Technologies and Applications (ICECTA), pp. 328-331.
[3] Alzahrani S., Xiao Y., and Sun W., 2022. An analysis of conti ransomware leaked source codes.IEEE Access, 10, pp. 100178-100193.
[4] Albin Ahmed A., Shaahid A., Alnasser F., Alfaddagh S., Binagag S., and Alqahtani D., 2023. Android ransomware detection using supervised machine learning techniques based on traffic analysis.Sensors, 24(1), 189.
[5] Alzahrani S., Xiao Y., Asiri S., Alasmari N., and Li T., 2025. RansomFormer: A cross-modal transformer architecture for ransomware detection via the fusion of byte and API features. Electronics (2079-9292),14(7).
[6] Cen M., Jiang F., and Doss R., 2025. RansoGuard: A RNN-based framework leveraging pre-attack sensitive APIs for early ransomware detection.Computers & Security, 150, 104293.
[7] El Hariri A., Mouiti M., and Lazaar M., 2025. Realtime ransomware process detection using an advanced hybrid approach with machine learning within IoT ecosystems.Engineering Research Express, 7(1), 015211.
[8] Albshaier L., Almarri S., and Rahman M.H., 2024. Earlier decision on detection of ransomware identification: A comprehensive systematic literature review.Information, 15(8), 484.
[9] Samtani S., Chen H., Kantarcioglu M., and Thuraisingham B., 2022. Explainable artificial intelligence for cyber threat intelligence (XAI-CTI). IEEE Transactions on Dependable and Secure Computing,19(4), pp. 2149-2150.
[10] Sharma D.K., Mishra J., Singh A., Govil R., Srivastava G., and Lin J.C.W., 2022. Explainable artificial intelligence for cybersecurity.Computers and Electrical Engineering, 103, 108356.
[11] Alzahrani S., Xiao Y., and Asiri S., 2023. Conti ransomware development evaluation. InProceedings of the 2023 ACM Southeast Conference, pp. 39-46.
[12] Gómez-Hernández J.A., and García-Teodoro P., 2024. Lightweight crypto-ransomware detection in android based on reactive honeyfile monitoring.Sensors, 24(9), 2679.
[13] Lee Y., Lee J., Ryu D., Park H., and Shin D., 2024. Clop ransomware in action: A comprehensive analysis of its multi-stage tactics.Electronics, 13(18), 3689.
[14] Li J., Yang G., and Shao Y., 2024. Ransomware detection model based on adaptive graph neural network learning.Applied Sciences, 14(11), 4579.
[15] Yamany B., Elsayed M.S., Jurcut A.D., Abdelbaki N., and Azer M.A., 2024. A holistic approach to ransomware classification: leveraging static and dynamic analysis with visualization.Information, 15(1), 46.
[16] Gazzan M., and Sheldon F.T., 2023. An enhanced minimax loss function technique in generative adversarial network for ransomware behavior prediction.Future Internet, 15(10), 318.
[17] Gazzan M., and Sheldon F.T., 2024. An incremental mutual information-selection technique for early ransomware detection.Information, 15(4), 194.
[18] Drabent K., Janowski R., and Mongay Batalla J., 2024. How to circumvent and beat the ransomware in android operating system—A case study of locker. CB! tr.Electronics, 13(11), 2212.
[19] Alqaralleh B.A., Aldhaban F., AlQarallehs E.A., and Al-Omari A.H., 2022. Optimal machine learning enabled intrusion detection in cyber-physical system environment. Comput. Mater. Contin,72(3), pp. 4691-4707.
[20] Sakellariou G., Katsantonis M., and Fouliras P., 2025. Probabilistic measurement of CTI quality for large numbers of unstructured CTI products.Electronics, 14(9), 1826.
[21] Umer M., Sadiq S., Karamti H., Alhebshi R.M., Alnowaiser K., Eshmawi A.A., Song H., and Ashraf I., 2022. Deep learning-based intrusion detection methods in cyber-physical systems: challenges and future trends.Electronics, 11(20), 3326.
[22] Rahima Manzil H.H., and Naik S.M., 2024. Android ransomware detection using a novel hamming distance based feature selection. Journal of Computer Virology and Hacking Techniques,20(1), pp. 71-93.
[23] Li B., Wu Y., Song J., Lu R., Li T., and Zhao L., 2020. DeepFed: federated deep learning for intrusion detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics,17(8), pp. 5615-5624.
[24] Lee J., Yun J., and Lee K., 2024. A study on countermeasures against neutralizing technology: encoding algorithm-based ransomware detection methods using machine learning.Electronics, 13(6), 1030.
[25] Kharraz A., Robertson W., Balzarotti D., Bilge L., and Kirda E., 2015. Cutting the gordian knot: A look under the hood of ransomware attacks. InInternational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 3-24.
[26] Malatji M., and Tolah A., 2025. Artificial intelligence (AI) cybersecurity dimensions: a comprehensive framework for understanding adversarial and offensive AI. AI and Ethics,5(2), pp. 883-910.
[27] Mohamed N.,2025. Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms.Knowledge and Information Systems, pp. 1-87.
[28] Ramadevi P., Baluprithviraj K.N., Pillai V.A., and Subramaniam K., 2022. Deep learning based distributed intrusion detection in secure cyber physical systems. Intelligent Automation & Soft Computing,34(3).
[29] Thakur S., Chakraborty A., De R., Kumar N., and Sarkar R., 2021. Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model.Computers & Electrical Engineering, 91, 107044.
[30] Vaswani A., Shazeer N., Parmar N., Uszkoreit J., Jones L., Gomez A.N., Kaiser Ł., and Polosukhin I., 2017. Attention is all you need.Advances in Neural Information Processing Systems, 30.