Defense Framework for Runtime Monitoring and Proactive Data Safeguarding Against Emerging Ransomware Threats

Abstract: Nowadays, ransomware attacks are increasing rapidly. Ransomware locks or encrypts important files and asks for money to unlock them, leading to financial loss. Many attacks target websites and web applications due to issues like insecure file uploads, weak input validation, and misconfigurations. In the existing system, the theme they mainly employ is a signature-based detection mechanism, which matches files with a pattern of known malware patterns stored in its database. Once again, if the virus is new or its signature does not exist, then it might escape, and an attack can take place. The proposed system offers automatic and real-time defence from ransomware. The system continuously monitors its behaviour instead of relying on known virus patterns. It uses a Gated Recurrent Unit (GRU) neural network to observe system calls, file access activities, and runtime processes to detect both known and unknown ransomware attacks. In this case, the system protects key data in less than a second by employing CTR-Advanced Encryption Standard (AES) encryption with frequently changing keys when any suspicious behaviour is detected but can still be accessed by any legitimate user to ensure data safety. Honeypot file mechanisms are also used for decoying the attacker to attract them and send an alert in case unauthorised access is attempted. The experimental results show that the three-tier security architecture provides strong protection against ransomware attacks, and it continuously analyses the behaviour, monitors and detects unknown threats, and uses honey files to confirm unauthorised and harmful actions performed by a program and prevent data loss. The system works efficiently without slowing down the computer, so it can be used in real time on modern systems.

Keywords: Ransomware, Behavioural Detection, GRU, AES-CTR, Honey files, Web Security, Zero-Day Attacks.