A Hybrid Machine Learning Approach for Ransomware Detection: Integrating Signature and Anomaly-Based Techniques

As new technologies reshape the digital landscape, cyberattacks are also becoming more frequent and sophisticated. Statistics highlight ransomware as one of the most dangerous cyber threats today. Ransomware’s ability to encrypt files and demand ransom poses serious risks to individuals, economies, and state security by endangering critical data. In particular, cyber-physical systems (CPS)—such as smart grids, industrial control systems, and autonomous vehicles—are increasingly vulnerable to such threats. Detecting ransomware remains an active area of research, yet many current anomaly-based intrusion detection systems (IDS) struggle with big data, facing challenges such as outdated reference models, low detection accuracy, and high false alarm rates (FAR). This study introduces a hybrid classification approach aimed at improving ransomware detection accuracy and reducing FAR. Specifically, the proposed hybrid approach combines the strengths of both signature-based and anomaly-based detection techniques to enhance ransomware detection. Evaluation results demonstrate an FAR below 0.020% and a detection time under 5 seconds. Our hybrid detection model is highly relevant to securing CPS, where both cyber and physical damage may result from ransomware attacks.

• Publication year

  2025

• Venue

  2025 International Conference on Communication, Computing, Networking, and Control in Cyber-Physical Systems (CCNCPS)

• Publication date

  2025-06-10

• Fields of study

  Not labeled

• Identifiers
  DOI 10.1109/CCNCPS66785.2025.11135708
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Cybercrime on a Global Scale: Trends, Policies, and Cybersecurity Strategies

  2024cited by this paper
• Ransomware Detection Using Machine Learning: A Survey

  2023cited by this paper
• Adversarial Machine Learning for Network Intrusion Detection Systems: A Comprehensive Survey

  2023cited by this paper
• Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data

  2023cited by this paper
• A New Scheme for Ransomware Classification and Clustering Using Static Features

  2022cited by this paper
• Intelligent and behavioral-based detection of malware in IoT spectrum sensors

  2022cited by this paper
• Malware Analysis and Detection Using Machine Learning Algorithms

  2022cited by this paper
• Detecting Obfuscated Malware using Memory Feature Engineering

  2022cited by this paper
• Ransomware Clustering and Classification using Similarity Matrix

  2022cited by this paper
• Trends and Future Directions in Automated Ransomware Detection

  2022cited by this paper
• Anatomy of Ransomware: Attack Stages, Patterns and Handling Techniques

  2021cited by this paper
• Ransomware Detection using Random Forest Technique

  2020cited by this paper
• Malware classification using compact image features and multiclass support vector machines

  2020cited by this paper
• Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls

  2020cited by this paper
• A Cyber-Kill-Chain based taxonomy of crypto-ransomware features

  2019cited by this paper
• Gradient Boosting Machine

  2018cited by this paper
• Machine Learning-Based Detection of Ransomware Using SDN

  2018cited by this paper
• Automatically Traceback RDP-Based Targeted Ransomware Attacks

  2018cited by this paper
• Evolution of ransomware

  2018cited by this paper
• Decision tree methods: applications for classification and prediction

  2015cited by this paper
• K-Nearest Neighbors

  2013cited by this paper
• Support vector machine

  2013cited by this paper
• Random Forests

  2001cited by this paper

• No citing papers are available for this paper.