PROACTIVE RANSOMWARE DEFENSE VIA AI-DRIVEN FILE ENTROPY MONITORING AND REAL-TIME PROCESS BEHAVIOR MODELING
DOI: https://doi.org/10.62643/
Keywords: Ransomware Detection; Entropy Analysis; LSTM; Process Behaviour Modelling; Artificial Intelligence; Proactive Cybersecurity; Anomaly Detection; Endpoint Protection; Machine Learning; Real-Time Defence.
Abstract
Ransomware has become one of the most urgent cybersecurity threats, as it can encrypt enormous amounts of sensitive information in a few seconds and bring digital infrastructure to its knees. Traditional defences, whether based on static signatures, heuristic rules, or post-encryption forensics, do not keep up with fast-changing and obfuscated ransomware families. To overcome these limitations, this paper presents a proactive, artificial-intelligence-based ransomware detection system that combines real-time file entropy checks with process behaviour prediction based on Long Short-Term Memory (LSTM) networks. The system repeatedly analyses entropy variation (ΔH/Δt) on file blocks to detect abnormal increases in randomness, while the LSTM learns sequential dependencies in process-level I/O and memory-access activity. The outputs of the two modules are combined into a single ThreatScore, which raises pre-encryption alarms when anomalous trends appear. Experiments used the RanSMAP dataset, a publicly available repository of ransomware and benign storage/memory access logs, together with a Kaggle static PE feature dataset as a baseline. The proposed model achieved 99.1% accuracy, 98.9% precision, and a false-positive rate of only 0.6%, with an average detection latency of 118 milliseconds, outperforming classical Support Vector Machine, Random Forest and standalone LSTM baselines. It also showed low computational overhead (<3% CPU, <200 MB RAM), demonstrating its practicality for endpoint and IoT deployment. This study advances proactive ransomware protection by integrating statistical entropy analytics and temporal AI modelling into a field that currently focuses on mitigation rather than prevention.
The proposed framework is a step towards intelligent, autonomous, and explainable cybersecurity systems that can be adapted to address changing ransomware threats.
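As an added illustration (not code from the paper), the ΔH/Δt check on file blocks can be computed as below, including the counter-case of a file that was already high-entropy before it was rewritten. The block size, both thresholds and all function names are assumptions, and the sample snapshots are constructed.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096      # assumed block size (not given in the abstract)
RATE_THRESHOLD = 2.0   # assumed alert threshold for dH/dt, bits/byte per second
HIGH_ENTROPY = 7.0     # assumed floor: only alert when content looks random

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of one block, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def mean_block_entropy(data: bytes, block_size: int = BLOCK_SIZE) -> float:
    """Average entropy over fixed-size blocks of one file snapshot."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    return sum(map(shannon_entropy, blocks)) / len(blocks) if blocks else 0.0

def entropy_alerts(snapshots):
    """snapshots: [(timestamp_s, file_bytes), ...] in time order.
    Returns [(timestamp_s, H, dH/dt)] for samples that breach both thresholds."""
    alerts, prev = [], None
    for t, data in snapshots:
        h = mean_block_entropy(data)
        if prev is not None and t > prev[0]:  # ignore duplicate timestamps
            rate = (h - prev[1]) / (t - prev[0])
            if rate >= RATE_THRESHOLD and h >= HIGH_ENTROPY:
                alerts.append((t, round(h, 2), round(rate, 2)))
        prev = (t, h)
    return alerts

def pseudo_random(n_blocks: int, seed: bytes) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 output stream."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks * BLOCK_SIZE // 32))

# Constructed sample: a plaintext file overwritten with random-looking bytes
PLAINTEXT = b"quarterly report: revenue up, costs flat.\n" * 400
ENCRYPTED_RUN = [(0.0, PLAINTEXT), (0.5, PLAINTEXT), (0.6, pseudo_random(4, b"a"))]
# Constructed counter-case: a file that was already high-entropy (e.g. an archive)
ARCHIVE_RUN = [(0.0, pseudo_random(4, b"b")), (0.1, pseudo_random(4, b"c"))]

if __name__ == "__main__":
    print(entropy_alerts(ENCRYPTED_RUN))  # one alert, at t=0.6
    print(entropy_alerts(ARCHIVE_RUN))    # no alert: H is high but dH/dt is near 0
```

The second run shows why an entropy-rate signal alone misses files that start out compressed or encrypted, which is the gap the abstract's process-behaviour model is paired with it to cover.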
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.













