Introducing Cryptographic Behavioral Signatures for Ransomware Detection: A Novel Approach Using Hybrid Computational Profiling

preprint OA: closed
Full text JSON View at publisher
Full text 12,687 characters · extracted from preprint-html · click to expand
Introducing Cryptographic Behavioral Signatures for Ransomware Detection: A Novel Approach Using Hybrid Computational Profiling | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Introducing Cryptographic Behavioral Signatures for Ransomware Detection: A Novel Approach Using Hybrid Computational Profiling Naomi Algarica, Imogen Winterburn, James Penrose, Katrina Greythorne This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-5519907/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Emerging threats in cybersecurity necessitate innovative detection methodologies capable of addressing rapidly evolving attack mechanisms. Cryptographic Behavioral Signatures (CBS) were introduced as a dual-layered approach integrating cryptographic analysis with behavioral profiling to enhance the detection of malicious activities within digital systems. The framework achieved robust detection capabilities across diverse ransomware families through the systematic identification of cryptographic entropy anomalies and behavioral deviations from normal operational patterns. Experimental evaluations demonstrated high detection accuracy, with minimal false positive and false negative rates, even under conditions of significant noise and computational complexity. A modular architectural design enabled seamless integration into distributed environments, maintaining consistent performance while balancing computational efficiency and scalability. Unlike traditional signature-based or heuristic approaches, CBS achieved adaptability to previously unseen threats through intrinsic profiling mechanisms, reducing dependency on extensive labeled datasets. Quantitative analyses highlighted the framework’s resilience against adversarial evasion tactics, as well as its ability to detect zero-day attacks through entropy-based cryptographic markers. Comparative evaluations demonstrated its superiority over conventional methods, particularly in environments demanding precision and low latency. System resource utilization metrics further validated its feasibility for deployment in resource-constrained and large-scale infrastructures. Comprehensive testing across encryption depths and noise levels provided additional evidence of its operational reliability. The research demonstrated the potential for bridging theoretical advancements in profiling with practical applications in threat mitigation. By leveraging the unique behavioral and cryptographic markers of malware, the framework addressed critical gaps in the cybersecurity landscape while offering a scalable and adaptive solution to evolving challenges. cryptographic profiling behavioral analysis ransomware detection cybersecurity entropy analysis zero-day attacks Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-5519907","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":382305379,"identity":"f31293dd-e78c-4d4f-9d74-d9228849ebbf","order_by":0,"name":"Naomi Algarica","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA+0lEQVRIiWNgGAWjYFAC5gYgIcHAwA6iDRgY2AhrYYRq4TmArCWBoBaQLhRVeLSYsx9sfvFzj4U8/8zH26R5Cu4k9vEfYHvw8QduLZY9iW2WPc8kDGfcTiuT5jF4ltgmkcBuOAOPLQYHEtsMeA4AXXU7xwyo5bAxmwQDmzQPPi3nH7YZ/gFqkb95BqoF6DDpP/i03EhsfgyyxeAGD1iLHBtDAps0Pu8b3HjYxixzQMJw45m0Yss5IC0SiW2SPWn4HJZ8+OObA3XycscPb7zx5s9hHvn+w8ckftjg1gIEQP9CtTPxgGlYTOEGzB9gWhjxxMYoGAWjYBSMYAAA0HlPZevrQUMAAAAASUVORK5CYII=","orcid":"https://orcid.org/0009-0002-2947-8959","institution":"Quyinvis","correspondingAuthor":true,"prefix":"","firstName":"Naomi","middleName":"","lastName":"Algarica","suffix":""},{"id":382305380,"identity":"9236c7c8-7d82-4a12-9daf-eb7c46dd0502","order_by":1,"name":"Imogen Winterburn","email":"","orcid":"","institution":"Quyinvis","correspondingAuthor":false,"prefix":"","firstName":"Imogen","middleName":"","lastName":"Winterburn","suffix":""},{"id":382305381,"identity":"c1fe98ee-9afd-4511-9c5b-a16cda6ab1c7","order_by":2,"name":"James Penrose","email":"","orcid":"","institution":"Quyinvis","correspondingAuthor":false,"prefix":"","firstName":"James","middleName":"","lastName":"Penrose","suffix":""},{"id":382305382,"identity":"235e67a2-3864-4113-aed8-cffd74c6ee99","order_by":3,"name":"Katrina Greythorne","email":"","orcid":"","institution":"Quyinvis","correspondingAuthor":false,"prefix":"","firstName":"Katrina","middleName":"","lastName":"Greythorne","suffix":""}],"badges":[],"createdAt":"2024-11-25 11:40:11","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-5519907/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-5519907/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":69858250,"identity":"439e0ab6-8b6b-4b43-9d98-4aac2793b86d","added_by":"auto","created_at":"2024-11-26 04:09:42","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":493826,"visible":true,"origin":"","legend":"","description":"","filename":"na0.pdf","url":"https://assets-eu.researchsquare.com/files/rs-5519907/v1_covered_b3290009-8cd2-4e23-b739-051def0e2b67.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eIntroducing Cryptographic Behavioral Signatures for Ransomware Detection: A Novel Approach Using Hybrid Computational Profiling\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"cryptographic profiling, behavioral analysis, ransomware detection, cybersecurity, entropy analysis, zero-day attacks","lastPublishedDoi":"10.21203/rs.3.rs-5519907/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-5519907/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eEmerging threats in cybersecurity necessitate innovative detection methodologies capable of addressing rapidly evolving attack mechanisms. Cryptographic Behavioral Signatures (CBS) were introduced as a dual-layered approach integrating cryptographic analysis with behavioral profiling to enhance the detection of malicious activities within digital systems. The framework achieved robust detection capabilities across diverse ransomware families through the systematic identification of cryptographic entropy anomalies and behavioral deviations from normal operational patterns. Experimental evaluations demonstrated high detection accuracy, with minimal false positive and false negative rates, even under conditions of significant noise and computational complexity. A modular architectural design enabled seamless integration into distributed environments, maintaining consistent performance while balancing computational efficiency and scalability. Unlike traditional signature-based or heuristic approaches, CBS achieved adaptability to previously unseen threats through intrinsic profiling mechanisms, reducing dependency on extensive labeled datasets. Quantitative analyses highlighted the framework’s resilience against adversarial evasion tactics, as well as its ability to detect zero-day attacks through entropy-based cryptographic markers. Comparative evaluations demonstrated its superiority over conventional methods, particularly in environments demanding precision and low latency. System resource utilization metrics further validated its feasibility for deployment in resource-constrained and large-scale infrastructures. Comprehensive testing across encryption depths and noise levels provided additional evidence of its operational reliability. The research demonstrated the potential for bridging theoretical advancements in profiling with practical applications in threat mitigation. By leveraging the unique behavioral and cryptographic markers of malware, the framework addressed critical gaps in the cybersecurity landscape while offering a scalable and adaptive solution to evolving challenges.\u003c/p\u003e","manuscriptTitle":"Introducing Cryptographic Behavioral Signatures for Ransomware Detection: A Novel Approach Using Hybrid Computational Profiling","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-11-26 04:01:35","doi":"10.21203/rs.3.rs-5519907/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"b9b30897-bb27-455a-a655-0b68dcd02a07","owner":[],"postedDate":"November 26th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2024-11-26T04:01:35+00:00","versionOfRecord":[],"versionCreatedAt":"2024-11-26 04:01:35","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-5519907","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-5519907","identity":"rs-5519907","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00