An intelligent framework for ransomware detection leveraging behavioral Machine Learning and live threat feeds
Abstract
Ransomware is a serious and evolving threat to global cybersecurity; modern variants use advanced evasion techniques that render traditional signature-based defenses ineffective. This paper proposes a new framework for real-time behavioral analysis and response to ransomware (R2BAR), which integrates machine learning with live threat intelligence feeds to enable proactive detection and automated mitigation. R2BAR uses an ensemble approach that combines a lightweight gradient boosting (XGBoost) model for efficient initial screening with a Long Short-Term Memory (LSTM) network for deep sequential analysis of API call patterns. Detection accuracy is further enhanced by dynamically correlating observed system behavior with real-time threat intelligence. Experimental evaluation shows that the framework achieves an F1-score of 98.1% and an area under the ROC curve of 0.998 while maintaining a low mean time-to-respond (TTR) of 2.35 seconds. This rapid response halts the encryption process before significant data loss occurs. The results confirm that the proposed solution addresses the primary limitations of existing methods by balancing high accuracy, operational speed, and interpretability, providing a robust blueprint for the next generation of autonomous ransomware protection systems.
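To make the screening cascade described in the abstract concrete, the following Python sketch is an added example and is not the authors' code or the R2BAR implementation: a hand-written count-feature scorer stands in for the XGBoost screen, a motif scan over the API-call sequence stands in for the LSTM, and the API traces, the indicator feed, the thresholds and the response actions are all constructed assumptions. It replays a trace as a stream, escalates to the sequence stage only when the cheap screen fires, lets a matching threat-intel indicator lower the amount of sequence evidence needed to convict, and reports the time-to-respond measured from the first encrypt call.

```python
"""Added illustration of a two-stage screening cascade with threat-intel correlation.
A hand-written feature scorer stands in for the XGBoost screen and a motif scan over the
API-call sequence stands in for the LSTM; neither is the paper's model, and every trace,
indicator and threshold here is constructed for the example."""
from collections import Counter

# Constructed API-call traces as (time_ms, api_name, argument); events arrive in time order.
BENIGN_TRACE = [
    (0, "CreateFileW", r"C:\Users\a\report.docx"),
    (10, "ReadFile", r"C:\Users\a\report.docx"),
    (20, "WriteFile", r"C:\Users\a\report.docx"),
    (30, "CloseHandle", r"C:\Users\a\report.docx"),
    (1000, "InternetConnectW", "updates.vendor.test"),
]

def build_ransom_trace(start_ms, n_files):
    """Constructed ransomware-like trace: shadow-copy tampering, then per file
    enumerate -> read -> encrypt -> write encrypted copy -> delete original, then a C2 beacon."""
    events = [(start_ms, "CreateProcessW", "vssadmin delete shadows /all /quiet")]
    for i in range(n_files):
        t = start_ms + 500 + 100 * i
        f = rf"C:\Users\a\docs\file{i}.xlsx"
        events += [(t, "FindNextFileW", f), (t + 10, "ReadFile", f),
                   (t + 20, "CryptEncrypt", f), (t + 30, "WriteFile", f + ".locked"),
                   (t + 40, "DeleteFileW", f)]
    events.append((start_ms + 500 + 100 * n_files, "InternetConnectW", "c2.bad-domain.test"))
    return events

RANSOM_TRACE = build_ransom_trace(10_000, 40)

# Constructed threat-intel feed: indicator -> feed name. Domains match exactly,
# extensions (entries starting with ".") match as a suffix of a file path.
THREAT_FEED = {"c2.bad-domain.test": "feed-A", ".locked": "feed-B"}

STAGE1_THRESHOLD = 0.3    # escalate to the sequence stage above this score (assumed)
MOTIF_MIN = 5             # distinct files showing the encrypt-write-delete motif (assumed)
MOTIF_MIN_WITH_INTEL = 2  # fewer files needed when a feed indicator corroborates (assumed)

def stage1_score(events):
    """Cheap screen over count features (stand-in for the gradient-boosting model)."""
    c = Counter(api for _, api, _ in events)
    n = len(events)
    tamper = any(api == "CreateProcessW" and "vssadmin" in arg.lower()
                 for _, api, arg in events)
    return 2.0 * c["CryptEncrypt"] / n + 2.0 * c["DeleteFileW"] / n + (0.4 if tamper else 0.0)

def stage2_motif_files(events):
    """Sequence analysis (stand-in for the LSTM): count distinct files whose
    original is deleted right after an encrypt-then-write of its contents."""
    apis = [api for _, api, _ in events]
    files = set()
    for i in range(len(events) - 2):
        if apis[i:i + 3] == ["CryptEncrypt", "WriteFile", "DeleteFileW"]:
            files.add(events[i + 2][2])
    return len(files)

def intel_matches(events, feed):
    """Correlate observed arguments with the live-feed indicators."""
    hits = set()
    for _, _, arg in events:
        for ioc, source in feed.items():
            if arg == ioc or (ioc.startswith(".") and arg.endswith(ioc)):
                hits.add((ioc, source))
    return hits

def run_cascade(trace, feed=THREAT_FEED):
    """Replay the trace as a stream and fire the first time the cascade convicts.
    Returns the verdict, time-to-respond in ms (from the first encrypt call), how many
    files were encrypted before the response, and how often stage 2 had to run."""
    first_encrypt = next((t for t, api, _ in trace if api == "CryptEncrypt"), None)
    stage2_runs = 0
    for k in range(1, len(trace) + 1):
        prefix = trace[:k]
        if stage1_score(prefix) < STAGE1_THRESHOLD:
            continue                      # cheap path: benign activity stops here
        stage2_runs += 1
        hits = intel_matches(prefix, feed)
        needed = MOTIF_MIN_WITH_INTEL if hits else MOTIF_MIN
        if stage2_motif_files(prefix) >= needed:
            fired_at = prefix[-1][0]
            encrypted = sum(1 for _, api, _ in prefix if api == "CryptEncrypt")
            return {"verdict": "ransomware", "ttr_ms": fired_at - first_encrypt,
                    "files_encrypted_before_response": encrypted,
                    "intel_hits": sorted(hits), "stage2_runs": stage2_runs,
                    "response": ["suspend process", "revoke file-share token"]}  # assumed actions
    return {"verdict": "benign", "ttr_ms": None, "files_encrypted_before_response": 0,
            "intel_hits": [], "stage2_runs": stage2_runs, "response": []}

if __name__ == "__main__":
    print(run_cascade(BENIGN_TRACE))
    print(run_cascade(RANSOM_TRACE))            # corroborated by the feed
    print(run_cascade(RANSOM_TRACE, feed={}))   # feed unavailable: slower, still fires
```

On these constructed traces the benign process never reaches the sequence stage, the ransomware trace is convicted after two files when the feed corroborates the ".locked" extension, and after five files when the feed is empty; the difference in time-to-respond and in files lost is exactly the gain the abstract attributes to correlating behavior with live threat intelligence, and it is the figure a deployment should track alongside F1 and AUC.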
Copyright (c) 2025 Author