RANSOMWARE ATTACK IDENTIFICATION THROUGH CPU AND DISK ACTIVITY ANALYSIS

ID: 1825

Abstract: Ransomware attacks continue to evolve into highly sophisticated threats, often bypassing traditional signature-based and static malware defenses. Recent studies demonstrate that ransomware exhibits distinct behavioral anomalies in system resource consumption, particularly in processor load and disk activity patterns during encryption phases [1], [2], [4]. This work proposes a behavioral detection approach that leverages abnormal CPU utilization spikes, irregular disk I/O operations, and sudden bursts of write activity as early indicators of ransomware execution [5], [9], [14], [19]. Machine learning models trained on system-resource-based telemetry have shown promising results in distinguishing normal application behavior from malicious encryption workloads [3], [10], [17], [20]. Host-level monitoring enables lightweight, real-time profiling without relying on malware signatures, enhancing the ability to detect zero-day threats [7], [11], [16], [22]. Prior research further highlights that ransomware consistently triggers unique performance footprints due to intensive cryptographic operations, making processor and disk metrics highly reliable features for threat identification [8], [12], [13], [18], [21]. Building on these insights, this study presents an efficient detection framework that captures resource usage deviations to flag potential ransomware activities with improved accuracy and minimal overhead [6], [15], [23].

Keywords: Ransomware Detection, CPU Utilization Analysis, Disk Activity Monitoring, Behavioral Analysis, System Resource Profiling, Anomaly Detection, Machine Learning Classification, Encryption Workload Patterns, Real-time Threat Detection, Host-based Monitoring
Published: 29-11-2025
Issue: Vol. 25 No. 11 (2025)
Page Nos: 336-343
Section: Articles
License: This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite: Mrs. KAMMARI SRAVANTHI, T.POOJITHA, SOWJANYA, D.SUJITH, SAIRAM, RANSOMWARE ATTACK IDENTIFICATION THROUGH CPU AND DISK ACTIVITY ANALYSIS, 2025, International Journal of Engineering Sciences and Advanced Technology, 25(11), Page 336-343, ISSN No: 2250-3676.
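As an added illustration of the signal the abstract describes (CPU spikes coinciding with bursts of disk writes), the following Python example flags sustained intervals where both metrics leave a learned baseline. It is not code from the paper or its authors; the sample format, the median + k·MAD threshold, the window lengths and all names are assumptions, and the telemetry is constructed.

```python
from statistics import median

def robust_threshold(values, k=6.0):
    """Upper bound for 'normal': median + k * MAD (assumed rule, not the paper's)."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    # Floor the spread so a perfectly flat baseline does not give a zero-width band.
    return med + k * max(mad, 0.05 * med)

def detect_bursts(samples, baseline_len=10, min_run=3, k=6.0):
    """samples: [(cpu_pct, disk_write_bytes_per_s), ...] taken at a fixed interval.
    Returns inclusive (start, end) index ranges where CPU *and* write rate both
    exceed their baseline thresholds for at least min_run consecutive samples."""
    base = samples[:baseline_len]
    cpu_thr = robust_threshold([c for c, _ in base], k)
    wr_thr = robust_threshold([w for _, w in base], k)
    alerts, run_start = [], None
    # One extra iteration past the end closes a run still open at the last sample.
    for i in range(baseline_len, len(samples) + 1):
        hot = i < len(samples) and samples[i][0] > cpu_thr and samples[i][1] > wr_thr
        if hot and run_start is None:
            run_start = i
        elif not hot and run_start is not None:
            if i - run_start >= min_run:
                alerts.append((run_start, i - 1))
            run_start = None
    return alerts

# Constructed telemetry: ten idle-desktop samples used as the baseline ...
BASELINE = [(6, 1.2e6), (8, 2.0e6), (5, 0.9e6), (7, 1.5e6), (9, 2.4e6),
            (6, 1.1e6), (10, 2.8e6), (7, 1.6e6), (8, 1.9e6), (6, 1.3e6)]
# ... followed by a CPU-only spike, a write-only spike, a one-sample blip,
# and a four-sample stretch where both metrics are high together.
ACTIVITY = [(95, 1.4e6), (9, 60e6), (88, 45e6), (7, 1.5e6),
            (92, 80e6), (97, 95e6), (94, 88e6), (96, 90e6), (8, 1.7e6)]
SAMPLES = BASELINE + ACTIVITY

if __name__ == "__main__":
    for start, end in detect_bursts(SAMPLES):
        print(f"sustained CPU + write burst in samples {start}..{end}")
```

Legitimate workloads such as backups or bulk compression also raise both metrics together, so a rule like this serves as a feature source for the classifiers the abstract mentions rather than as a verdict on its own.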