DETECTION OF RANSOMWARE ATTACKS USING PROCESSOR AND DISK USAGE DATA

Abstract

Ransomware attacks have emerged as a significant cybersecurity threat, causing severe data loss and financial damage to individuals and organizations. Traditional signature-based detection methods often fail to identify new or evolving ransomware variants, making behavior-based monitoring an effective alternative. This study proposes a ransomware detection approach based on analyzing processor usage and disk activity patterns. By continuously monitoring systemlevel metrics such as CPU utilization, read/write operations, disk I/O rates, and process behavior, the system identifies abnormal resource consumption that typically occurs during encryption processes. Machine learning algorithms are applied to classify normal and malicious activities using extracted performance features. The proposed model aims to provide early-stage detection with minimal system overhead, enabling faster response and mitigation. Experimental results demonstrate that processor and disk usage data can serve as reliable indicators for identifying ransomware behavior, improving detection accuracy while reducing false positives. This approach contributes to proactive cybersecurity defense by enabling real-time monitoring and intelligent threat analysis.