Published on: May 2026
ERBAM: EFFECTIVE RANSOMWARE BEHAVIOR ANALYSIS AND MITIGATION
Gounda Areeb Fahad, Musahib Ali Khan, Awaze, Suleman Luswal
Smitha Rajagopal
Abstract
Traditional signature-based antivirus systems are increasingly ineffective against modern ransomware due to polymorphic code structures, fileless execution, and zero-day attack strategies. This research proposes Adaptive Pattern Signature Analysis (APSA), a behavior-driven ransomware detection framework designed to identify malicious activity through dynamic behavioral analysis rather than static signatures.
The APSA framework introduces a multi-layer detection architecture that continuously analyzes system activity using behavioral indicators such as encryption frequency, anomalous file access patterns, network communication irregularities, and abnormal CPU or resource utilization. These features are modeled through statistical anomaly detection using Z-score normalization, Mahalanobis distance, and probabilistic risk estimation, allowing the system to capture coordinated deviations across multiple behavioral dimensions. A weighted scoring mechanism combined with a sigmoid-based probabilistic decision model enables APSA to classify processes into four threat levels: Clean, Monitor, Suspicious, and Alert.
Unlike conventional systems that rely heavily on predefined malware signatures, APSA dynamically updates behavioral baselines using adaptive learning techniques, allowing the model to evolve alongside emerging ransomware variants. Experimental validation using multiple malware datasets demonstrates that APSA achieves 96.3% detection accuracy, 94.8% precision, and 95.2% recall, while maintaining a low 1.2% false positive rate and an average 2.3-second detection latency.
The proposed framework offers a scalable and proactive defense mechanism capable of detecting sophisticated ransomware attacks, including cryptojacking and fileless malware. By integrating adaptive learning with probabilistic threat scoring, APSA contributes toward the development of next-generation intelligent cybersecurity defense systems.
Index Terms - Ransomware Behavior Analysis, APSA Framework, Adaptive Matching Engine, Real-time Threat Detection.
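The scoring pipeline the abstract describes (per-feature Z-scores, Mahalanobis distance, a weighted score passed through a sigmoid, four threat levels), sketched as an added example that is not the authors' code. The feature names, weights, sigmoid midpoint, level cut-offs and baseline rows are all assumptions constructed for illustration, since the abstract gives none.

```python
import math
from statistics import mean, pstdev

# Constructed baseline of benign per-process samples (not data from the paper):
# (encrypt_ops_per_s, file_writes_per_s, net_conns_per_min, cpu_pct)
BASELINE = [(2, 10, 3, 12), (1, 14, 5, 9), (3, 9, 2, 15), (2, 12, 4, 11),
            (0, 11, 6, 8), (4, 13, 3, 14), (1, 8, 4, 10), (3, 15, 5, 13)]
WEIGHTS = (0.4, 0.3, 0.15, 0.15)   # assumed feature weights
MAHAL_WEIGHT, OFFSET = 0.5, 6.0    # assumed mixing weight and sigmoid midpoint
LEVELS = ((0.25, "Clean"), (0.5, "Monitor"), (0.8, "Suspicious"), (1.01, "Alert"))  # assumed

def covariance(rows, mu):
    """Sample covariance matrix of the baseline rows."""
    n, k = len(rows), len(mu)
    return [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
             for j in range(k)] for i in range(k)]

def solve(a, b):
    """Solve a*y = b by Gauss-Jordan elimination with partial pivoting."""
    k = len(b)
    m = [list(row) + [b[i]] for i, row in enumerate(a)]
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(k):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][k] / m[i][i] for i in range(k)]

def score(sample, baseline=BASELINE):
    """Return (risk probability, threat level) for one process sample."""
    cols = list(zip(*baseline))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) or 1.0 for c in cols]          # guard constant features
    z = [(x - m) / s for x, m, s in zip(sample, mu, sd)]
    diff = [x - m for x, m in zip(sample, mu)]
    # Mahalanobis distance: sqrt(diff^T * S^-1 * diff), via S*y = diff
    y = solve(covariance(baseline, mu), diff)
    d = math.sqrt(max(0.0, sum(a * b for a, b in zip(diff, y))))
    # Only upward deviations add per-feature risk; d captures joint deviation
    raw = sum(w * max(0.0, zi) for w, zi in zip(WEIGHTS, z)) + MAHAL_WEIGHT * d
    p = 1.0 / (1.0 + math.exp(OFFSET - raw))
    return p, next(name for cut, name in LEVELS if p < cut)

if __name__ == "__main__":
    for s in [(2, 11.5, 4, 11.5), (5, 14, 5, 16), (400, 900, 40, 95)]:
        print(s, score(s))
```

An adaptive baseline, as the abstract describes, would replace the fixed `BASELINE` rows with a sliding window of recent benign samples.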
How to Cite this Paper
Fahad, G. A., Khan, M. A., Awaze, & Luswal, S. (2026). ERBAM: Effective Ransomware Behavior Analysis and Mitigation. International Journal of Creative and Open Research in Engineering and Management, 02(05). https://doi.org/10.55041/ijcope.v2i5.001
Fahad, Gounda, et al. "ERBAM: Effective Ransomware Behavior Analysis and Mitigation." International Journal of Creative and Open Research in Engineering and Management, vol. 02, no. 05, 2026. https://doi.org/10.55041/ijcope.v2i5.001.
Fahad, Gounda, Musahib Khan, Awaze, and Suleman Luswal. "ERBAM: Effective Ransomware Behavior Analysis and Mitigation." International Journal of Creative and Open Research in Engineering and Management 02, no. 05 (2026). https://doi.org/10.55041/ijcope.v2i5.001.
Ethical Compliance & Review Process
- All submissions are screened under plagiarism detection.
- Review follows editorial policy.
- Authors retain copyright.
- Peer Review Type: Double-Blind Peer Review
- Published on: May 03 2026
This article is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. You are free to share and adapt this work for non-commercial purposes with proper attribution.

