RANSEC: Hybrid Ensemble Learning-based Secure Approach for Ransomware Detection in Cyber-Physical Defence Systems

Abstract

Sophisticated ransomware attacks increasingly target cyber-physical systems (CPS), therefore seriously compromising security for vital infrastructure. Stronger and more intelligent protection systems are necessary, as conventional detection systems can struggle to adapt to evolving attack patterns. This work proposes a novel hybrid ensemble learning model that is driven by artificial intelligence and makes use of weighted voting, combining Random Forest classifiers with SVM classifiers and another technique, stacking, which utilizes SVM with XGBoost as base classifiers and logistic regression as a meta classifier to improve the accuracy of ransomware detection. Experiments performed on the publicly accessible Kaggle ransomware dataset, containing 62,485 records of process, network activities, validate the superiority of the proposed approach, as the stacking-based hybrid model provides 93.15% accuracy compared to current single and ensemble classifiers. The adaptive resilience of the framework is guaranteed by the dynamic weighting, the meta-learning combination, which reduces the number of false positives and provides low-latency performance that is necessary in the real-world implementation of CPS. This secure model is the first step towards extending the existing literature and provides a scalable means to defend against future ransomware attacks on cyber-physical systems, protecting critical infrastructure in smart manufacturing, healthcare, and energy systems.

Keywords

Cyber Physical System, Weighted Voting Mechanism, Support Vector Classifier, Artificial Intelligence, Ransomware, Extra Tree Classifier

References

1. S. Gupta, S. Hazra, S. Hazra, S. Gayen, S. Mukherjee, and A. Naskar, “Mathematical models of heterogeneous machine learning techniques for ransomware protection in cyber-physical systems,” in 2024 IEEE International Conference on Communication, Computing and Signal Processing (IICCCS), pp. 1–5, IEEE, 2024, DOI: 10.1109/IICCCS61609.2024.10763581.
2. C. R. Kishore and H. Behera, “Malware attack detection in vehicle cyber physical system for planning and control using deep learning,” in Machine Learning for Cyber Physical System: Advances and Challenges, pp. 167–193, Springer, 2024, https://doi.org/10.1007/978-3-031-54038-7_6.
3. M. U. Rana, M. A. Shah, M. A. Al-Naeem and C. Maple, "Ransomware Attacks in Cyber-Physical Systems: Countermeasure of Attack Vectors Through Automated Web Defences," in IEEE Access, vol. 12, pp. 149722-149739, 2024, DOI: 10.1109/ACCESS.2024.3477631.
4. J. BOODAI, A. ALQAHTANI, and K. RIAD, “Deep learning for malware detection: Literature review,” Journal of Theoretical and Applied Information Technology, vol. 102, no. 4, pp. 1715-1739, 2024, https://www.jatit.org/volumes/Vol102No4/34Vol102No4.pdf.
5. R. O. Ogundokun, J. B. Awotunde, S. Misra, O. C. Abikoye, and O. Folarin, “Application of machine learning for ransomware detection in IoT devices,” in Artificial intelligence for cyber security: methods, issues and possible horizons or opportunities, pp. 393–420, Springer, 2021, https://doi.org/10.1007/978-3-030-72236-4_16.
6. N. Rani, S. V. Dhavale, A. Singh, and A. Mehra, “A survey on machine learning-based ransomware detection,” in Proceedings of the Seventh International Conference on Mathematics and Computing: ICMC 2021, pp. 171–186, Springer, 2022, https://doi.org/10.1007/978-981-16-6890-6_13.
7. G. O. Ganfure, C. -F. Wu, Y. -H. Chang and W. -K. Shih, "RTrap: Trapping and Containing Ransomware With Machine Learning," in IEEE Transactions on Information Forensics and Security, vol. 18, pp. 1433-1448, 2023, DOI: 10.1109/TIFS.2023.3240025.
8. N. Z. Gorment, A. Selamat, L. K. Cheng and O. Krejcar, "Machine Learning Algorithm for Malware Detection: Taxonomy, Current Challenges, and Future Directions," in IEEE Access, vol. 11, pp. 141045-141089, 2023, DOI: 10.1109/ACCESS.2023.325697.
9. S. Gulmez, A. G. Kakisim and I. Sogukpinar, "Analysis of the Dynamic Features on Ransomware Detection Using Deep Learning-based Methods," 2023 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA, 2023, pp. 1-6, DOI: 10.1109/ISDFS58141.2023.10131862.
10. S. Aurangzeb, H. Anwar, M. A. Naeem, and M. Aleem, “Bigrceml: big-data based ransomware classification using ensemble machine learning,” Cluster Computing, vol. 25, no. 5, pp. 3405–3422, 2022, https://doi.org/10.1007/s10586-022-03569-4.
11. B. Urooj, M. A. Shah, C. Maple, M. K. Abbasi and S. Riasat, "Malware Detection: A Framework for Reverse Engineered Android Applications Through Machine Learning Algorithms," in IEEE Access, vol. 10, pp. 89031-89050, 2022, DOI: 10.1109/ACCESS.2022.3149053.
12. J. Ispahany, M. R. Islam, M. Z. Islam and M. A. Khan, "Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions," in IEEE Access, vol. 12, pp. 68785-68813, 2024, DOI: 10.1109/ACCESS.2024.3397921.
13. M. A. Mohammed, A. Lakhan, D. A. Zebari, M. K. Abd Ghani, H. A. Marhoon, K. H. Abdulkareem, J. Nedoma, and R. Martinek, “Securing healthcare data in industrial cyber-physical systems using combining deep learning and blockchain technology,” Engineering Applications of Artificial Intelligence, vol. 129, p. 107612, 2024, https://doi.org/10.1016/j.engappai.2023.107612.
14. G. Li, S. Wang, Y. Chen, J. Zhou, and Q. Zhao, “A hybrid framework for ransomware detection using deep learning and Monte Carlo tree search,” OSF Preprints, 2024, https://doi.org/10.31219/osf.io/cjyvb.
15. S. Venne, T. Clarkson, E. Bennett, G. Fischer, O. Bakker, and R. Callaghan, “Automated ransomware detection using pattern-entropy segmentation analysis: A novel approach to network security,” Authorea Preprints, 2024, DOI: 10.22541/au 172962050.05868176/v1.
16. S. Wasoye, M. Stevens, C. Morgan, D. Hughes, and J. Walker, “Ran- somware classification using BTLS algorithm and machine learning approaches,” 2024, https://doi.org/10.21203/rs.3.rs-5131919/v1.
17. J. Chen and G. Zhang, “Detecting stealthy ransomware in IPFS networks using machine learning,” 2024, https://doi.org/10.31219/osf.io/38ex9.
18. S. Panja, S. Mondal, A. Nag, J. Prakash Singh, M. Jyoti Saikia and A. Kumar Barman, "An Efficient Malware Detection Approach Based on Machine Learning Feature Influence Techniques for Resource-Constrained Devices," in IEEE Access, vol. 13, pp. 12647-12665, 2025, DOI: 10.1109/ACCESS.2025.3526878.
19. J. A. Herrera-Silva and M. Herna´ndez-A´ lvarez, “Dynamic feature dataset for ransomware detection using machine learning algorithms,” Sensors, vol. 23, no. 3, p. 1053, 2023,
20. https://doi.org/10.3390/s23031053.
21. A. Alraizza and A. Algarni, “Ransomware detection using machine learning: A survey,” Big Data and Cognitive Computing, vol. 7, no. 3, p. 143, 2023, https://doi.org/10.3390/bdcc7030143.
22. R. Bold, H. Al-Khateeb, and N. Ersotelos, “Reducing false negatives in ransomware detection: a critical evaluation of machine learning algorithms,” Applied Sciences, vol. 12, no. 24, p. 12941, 2022, DOI:10.3390/app122412941.
23. M. Masum, M. J. Hossain Faruk, H. Shahriar, K. Qian, D. Lo and M. I. Adnan, "Ransomware Classification and Detection With Machine Learning Algorithms," 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2022, pp. 0316-0322, DOI: 10.1109/CCWC54503.2022.9720869.
24. D. Smith, S. Khorsandroo and K. Roy, "Machine Learning Algorithms and Frameworks in Ransomware Detection," in IEEE Access, vol. 10, pp. 117597-117610, 2022, DOI: 10.1109/ACCESS.2022.3218779.
25. J. E. Hill, T. Owens Walker, J. A. Blanco, R. W. Ives, R. Rakvic and B. Jacob, "Ransomware Classification Using Hardware Performance Counters on a Non-Virtualized System," in IEEE Access, vol. 12, pp. 63865-63884, 2024, DOI: 10.1109/ACCESS.2024.3395491.
26. B. Keyogeg, M. Thompson, G. Dawson, D. Wagner, G. Johnson, and B. Elliott, “Automated detection of ransomware in Windows Active Directory Domain Services using log analysis and machine learning,” Authorea Preprints, 2024, https://d197for5662m48.cloudfront.net/documents/publicationstatus/225955/preprint_pdf/1ca9bb504df1c0d1d47524910f563602.pdf.
27. D. Gihavo, O. Ivanovich, A. Harrison, L. Merritt, and V. Schneider, “Automated file trap selection using machine learning for early detection of ransomware attacks,” Authorea Preprints, 2024, DOI: 10.36227/techrxiv 172840476.68122495/v1.
28. J. Kirkland, R. Stoddard, B. Antonov, N. Dragomirov, and A. Belmonte, “Automated detection of crypto ransomware using machine learning and file entropy analysis,” Authorea Preprints, 2024, DOI: 10.36227/techrxiv 172833027.76280291/v1.
29. Y.-c. Wu and Y.-l. Chang, “Ransomware detection on Linux using machine learning with random forest algorithm,” Authorea Preprints, 2024, DOI: 10.36227/techrxiv 171778770.06550236/v1.
30. Y. Prajapati, O. P. Suthar, K. Gosai and S. K. Singh, "Smart City Cybersecurity: Leveraging Machine Learning for Advanced Ransomware Detection and Prevention," 2025 International Conference on Pervasive Computational Technologies (ICPCT), Greater Noida, India, 2025, pp. 808-813, DOI: 10.1109/ICPCT64145.2025.10941048.
31. T. A. Ahanger, U. Tariq, F. Dahan, S. A. Chaudhry, and Y. Malik, “Securing IoT devices running pureos from ransomware attacks: leveraging hybrid machine learning techniques,” Mathematics, vol. 11, no. 11, p. 2481, 2023, https://doi.org/10.3390/math11112481.
32. T. Sathya, N. Keertika, S. Shwetha, D. Upadhyay, and H. Muzafar, “Bitcoin heist ransomware attack prediction using data science process,” in E3S Web of Conferences, vol. 399, p. 04056, EDP Sciences, 2023, https://doi.org/10.1051/e3sconf/202339904056.