Real-Time Detection of Ransomware Attacks Using Processor and Disk Activity with Random Forests
preprint
OA: closed
CC-BY-NC-ND-4.0
Abstract
Ransomware is capable of causing significant damage through the encryption of critical data and the disruption of essential services. The novel concept of utilizing processor and disk usage data for real-time detection introduces a systemlevel perspective, enhancing the ability to detect and respond to ransomware activities with greater accuracy. The proposed methodology employs a random forest classifier to analyze high-resolution system metrics, such as CPU and disk usage patterns, to differentiate between normal and malicious behaviors. Experimental results demonstrate the model's effectiveness, achieving an accuracy of 96.7% while maintaining a low false positive rate. Feature importance analysis further reveals the critical role of entropy-based measures and peak CPU usage in identifying ransomware signatures. Comparative evaluation against other machine learning models, including Support Vector Machines and neural networks, demonstrates the superiority of the random forest approach in both predictive performance and computational efficiency. The research provides valuable insights into the potential of machine learning in enhancing cybersecurity measures and offers a foundation for future advancements in ransomware detection.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00
- unpaywall
- last seen: 2026-05-29T02:00:03.542394+00:00
License: CC-BY-NC-ND-4.0