Ransomware Detection through Probabilistic Code Anomaly Profiling

Abstract The Probabilistic Code Anomaly Profiling (PCAP) framework represents a significant advancement in the detection of ransomware through its innovative integration of probabilistic modeling and comprehensive behavioral analysis. By employing Gaussian Mixture Models (GMMs) to model benign and malicious behaviors, the framework effectively identifies deviations indicative of ransomware activity. The dual approach of static analysis, which examines code structures, and dynamic analysis, which monitors runtime behaviors, enables the extraction of distinctive features that enhance detection accuracy. This methodology allows for the identification of both known and emerging ransomware threats, addressing the limitations of traditional signature-based detection systems. The PCAP framework's adaptability is further demonstrated through its dynamic adjustment of probabilistic thresholds, balancing sensitivity and specificity to minimize false positives while maintaining high true positive rates. Experimental evaluations have shown that the framework achieves a mean detection accuracy of 94.0\% across various ransomware variants, including LockBit, BlackCat, Hive, and Conti. Additionally, the system maintains efficient resource utilization, with CPU usage averaging around 46\% and memory consumption within acceptable limits, ensuring its suitability for real-time deployment in diverse operational environments. Comparative analyses indicate that the PCAP framework outperforms existing detection solutions, achieving higher detection accuracy and lower false positive rates. Its scalability has been validated through consistent processing times across varying dataset sizes, confirming its capability to handle large volumes of data efficiently. The framework's ability to adapt to emerging ransomware variants, as evidenced by increasing detection rates for newly identified strains such as Rhysida and Sphynx, demonstrates its relevance in the evolving threat landscape. The integration of probabilistic profiling and behavioral analysis within the PCAP framework establishes a robust and adaptable approach to ransomware detection, offering significant potential for enhancing cybersecurity measures against sophisticated and evolving threats.