Proceedings of International Conference on Computer Science and Communication Engineering (ICCSCE 2025)

Preventing Ransomware Attacks Using Host-Based Monitoring of Processor and Disk Activity

Authors
D. Bujji Babu¹*, P. Sai Nikhitha¹, M. Senthil¹, K. Kishore Babu¹
¹ Professor, Dept of CSE, QIS College of Engineering and Technology, Ongole, Andhra Pradesh, India
*Corresponding author. Email: bujjibict@gmail.com
Corresponding Author
D. Bujji Babu
Available Online 4 November 2025.
DOI
10.2991/978-94-6463-858-5_55
Keywords
Ransomware; Virtual Machine (VM); Detection System; Machine Learning Classifiers; K-Nearest Neighbors (KNN)
Abstract

Ransomware encrypts files so that systems can no longer use their contents, and it bypasses traditional antivirus programs. Most current detection systems track system calls, processes and file activity on the compromised system and then analyse the collected data. Monitoring many processes generates considerable system overhead, and sophisticated ransomware can tamper with the monitoring tools to alter system data. This research uses a virtual machine (VM) to build a dependable system that detects ransomware effectively. Process-level monitoring becomes unnecessary because the system gathers CPU and disk I/O measurements across the entire virtual machine. The method lowers overall system performance and helps stop ransomware attacks. The proposed method detects both known and new ransomware swiftly and with high accuracy, and it is resistant to shifting user workloads. Detection models were developed with several machine learning classifiers, and in tests the KNN classifier achieved superior results compared to six other classifiers. The KNN model achieved a detection probability of 98.67 within 400 ms. The method was shown to be effective and feasible by testing 22 ransomware strains under six different user workload conditions.

Copyright
© 2025 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.


Volume Title
Proceedings of International Conference on Computer Science and Communication Engineering (ICCSCE 2025)
Series
Advances in Computer Science Research
Publication Date
4 November 2025
ISBN
978-94-6463-858-5
ISSN
2352-538X

Cite this article

TY  - CONF
AU  - D. Bujji Babu
AU  - P. Sai Nikhitha
AU  - M. Senthil
AU  - K. Kishore Babu
PY  - 2025
DA  - 2025/11/04
TI  - Preventing Ransomware Attacks Using Host-Based Monitoring of Processor and Disk Activity
BT  - Proceedings of International Conference on Computer Science and Communication Engineering (ICCSCE 2025)
PB  - Atlantis Press
SP  - 634
EP  - 646
SN  - 2352-538X
UR  - https://doi.org/10.2991/978-94-6463-858-5_55
DO  - 10.2991/978-94-6463-858-5_55
ID  - Babu2025
ER  -