Authors: Abhirup Guha
Abstract: We propose LORD, a Lightweight Online Ransomware Detector that integrates incremental learning with hierarchical feature extraction to enable real-time ransomware detection on isolated systems. Traditional signature-based methods fail to adapt to evolving threats, while static behavioral analysis lacks scalability for resource-constrained environments. The proposed method addresses these limitations by intercepting system call sequences and processing them through a Compact Neural Feature Extractor (CNFE), which reduces computational overhead by 60% compared to standard Transformers while preserving detection accuracy. Furthermore, the Incremental Learning Module (ILM) dynamically updates the model using online gradient descent and elastic weight consolidation, ensuring adaptability to new ransomware variants without catastrophic forgetting. To enhance robustness, a Weighted Majority Voting Ensemble (WMVE) aggregates predictions from multiple sub-models, pruning less accurate ones during inference to maintain real-time performance. The system operates entirely offline, requiring no internet connectivity or manual updates, and achieves <5 ms latency per prediction with a memory footprint under 50 MB. Experimental results demonstrate that LORD detects ransomware with high precision, outperforming conventional rule-based and static machine learning approaches. Its deployment on commodity hardware validates practicality for edge devices, offering a scalable solution for securing isolated systems against zero-day attacks. The integration of TensorFlow Lite and PyTorch JIT compilation ensures efficient execution, making LORD a viable alternative to existing detection frameworks.
DOI: https://doi.org/10.5281/zenodo.16910891
International Journal of Science, Engineering and Technology