Towards Low-Latency and Adaptive Ransomware Detection Using Contrastive Learning

Pan, Zhixin, Shu, Ziyu, Alemayoh, Amberbir

arXiv.org Artificial Intelligence 

Abstract: Ransomware has become a critical threat to cybersecurity due to its rapid evolution, the necessity for early detection, and growing diversity, posing significant challenges to traditional detection methods. While AI-based approaches have been proposed by prior works to assist ransomware detection, existing methods suffer from three major limitations: ad-hoc feature dependencies, delayed response, and limited adaptability to unseen variants. In this paper, we propose a framework that integrates self-supervised contrastive learning with neural architecture search (NAS) to address these challenges. Specifically, this paper offers three important contributions. Experimental results show that our proposed method achieves significant improvements in both detection accuracy (up to 16.1%) and response time (up to 6x) compared to existing approaches while maintaining robustness under evasive attacks.

Ransomware has emerged as one of the most pervasive threats in cybersecurity. It encrypts files on infected machines and demands a ransom for decryption, resulting in significant financial losses. According to a recent study [1], global ransomware-related damages have exceeded $6 trillion, highlighting an urgent need for efficient defense frameworks. Compared with conventional malware, ransomware poses a greater threat due to its stealth and the urgency of immediate response. As illustrated in Figure 1, a typical ransomware attack involves two major phases: a stealthy initialization phase, where the malware registers itself and loads encryption algorithms, and the infection phase, where encryption begins and causes damage within milliseconds.