A Bio-Inspired Behavior-Based Hybrid Framework for Ransomware Detection

Mohammed A. F. SalahMohd Fadzli MarhusinRossilawati Sulaiman2026-02-032026-02-032025Mohammed A. F. Salah,Mohd Fadzli Marhusin & Rossilawati Sulaiman (2025). A Bio-Inspired Behavior-Based Hybrid Framework for Ransomware Detection. International Journal of Advanced Computer Science and Applications, 16(12). https://doi.org/10.14569/ijacsa.2025.01612412156-5570 (10.14569/IJACSA.2025.0161241https://thesai.org/Downloads/Volume16No12/Paper_41-A_Bio_Inspired_Behavior_Based_Hybrid_Framework_for_Ransomware_Detection.pdfhttps://oarep.usim.edu.my/handle/123456789/28694Indexed by (Tier 2)Ransomware remains a critical and evolving cybersecurity threat, increasingly rendering traditional signature-based detection techniques ineffective. While modern machine learning models achieve high detection accuracy, they often operate as opaque “black boxes”, introducing a significant explainability gap that undermines analyst trust. In addition, behavior-based anomaly detection systems frequently suffer from high false-positive rates, limiting their operational viability. To address these challenges, this study adopts a Design Science Research Methodology to develop a novel, interpretable, multi-stage ransomware detection framework. The proposed architecture integrates three complementary components: a bio-inspired Negative Selection Algorithm from Artificial Immune Systems to filter benign behavioral patterns, a first-order Markov chain model to capture probabilistic deviations in execution sequences, and a Random Forest ensemble classifier to synthesize these signals for final decision-making. The framework is evaluated using a dual-pipeline experimental design on real-world ransomware and benign software samples, enabling controlled comparison between probabilistic and pattern-based behavioral modeling. Experimental results demonstrate that the proposed approach achieves high detection performance while maintaining a low false-positive rate and providing interpretable behavioral evidence. Overall, the framework offers a principled balance between detection effectiveness and interpretability, addressing key limitations of existing ransomware detection systems.en-USRansomwareArtificial Immune Systems (AIS)anomaly detectionNegative Selection AlgorithmMarkov chainRandom Foresthybrid frameworkA Bio-Inspired Behavior-Based Hybrid Framework for Ransomware Detectionjournal-article4624721612