Ransomware Resilience: An Integrated Framework for Mitigation, Recovery, and Best Practices using SIEM and Machine Learning
- DOI
- 10.2991/978-94-6239-713-2_19
- Keywords
- Ransomware; SIEM; Machine Learning; Elastic Stack; Anomaly Detection; LSTM; Digital Forensics
- Abstract
This paper addresses the major and growing threat of ransomware, which causes significant financial and operational losses through sophisticated multi-stage attacks. The modern threat landscape has shifted to Ransomware-as-a-Service (RaaS) offerings and polymorphic code, leaving earlier security models, which relied heavily on signature-based detection or on a patchwork of disparate endpoint solutions, insufficient. Such conventional defences generally fail to recognise polymorphic code and often react only once the destructive encryption phase has already begun, so a contextual, predictive, and integrated defence is critical. This paper proposes and validates an integrated Security Information and Event Management (SIEM) system built on the Elastic Stack (Elasticsearch and Kibana) that ingests and correlates host and network logs in real time. The methodology uses a hybrid analysis engine that combines behavioural profiling models, namely self-organising maps (SOM), Random Forest classifiers, and Long Short-Term Memory (LSTM) networks, with custom-designed Sigma rules for hunting multi-indicator attack chains such as those built on Emotet, Trickbot, and IcedID. The research also uses forensic tooling, FTK Imager for capturing volatile data and IDA Pro for reverse engineering malware binaries, so that the detection logic is grounded in observed low-level execution behaviour. The architecture was evaluated against simulated multi-stage attacks in a virtualised environment consisting of a Windows 10 victim virtual machine and a Kali Linux Command-and-Control (C2) server. The integrated approach substantially outperformed the traditional signature-based approach, achieving a detection accuracy of 92.3%, a precision of 95.7%, and a false-positive rate of 0.02. These results confirm that the integrated SIEM and machine-learning method is an effective and proactive answer to modern ransomware.
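As an added illustration of the rule-and-correlation layer the abstract describes (example code written for this page, not the authors' implementation), the following Python evaluates a small Sigma-style rule set over constructed host and network events and then correlates the hits per host into a single multi-stage alert. The hosts, timestamps, command lines, IP addresses, rule names and stage labels are all constructed for the example; the Sigma subset supported is the `contains`, `startswith` and `endswith` modifiers, the `all` qualifier, and conditions of the form `a and not b`.

```python
"""Sigma-style matching plus per-host multi-stage correlation.

Added example for this page, not the paper's code. Events, hosts,
timestamps, command lines and rule names are all constructed; field
names follow the Sysmon-like shape that SIEM pipelines commonly produce.
"""
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

# Constructed events: WS-01 runs a three-stage chain, WS-02 is benign.
EVENTS = [
    {"@timestamp": "2024-03-01T09:00:05Z", "host": "WS-01", "EventType": "process",
     "Image": OFFICE, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "WINWORD.EXE invoice.docm"},
    {"@timestamp": "2024-03-01T09:00:12Z", "host": "WS-01", "EventType": "process",
     "Image": PS, "ParentImage": OFFICE,
     "CommandLine": "powershell.exe -nop -w hidden -enc aQBlAHgA"},
    {"@timestamp": "2024-03-01T09:00:40Z", "host": "WS-01", "EventType": "network",
     "Image": PS, "Initiated": True, "DestinationIp": "203.0.113.7",
     "DestinationPort": 4444},
    {"@timestamp": "2024-03-01T09:05:00Z", "host": "WS-01", "EventType": "process",
     "Image": "C:\\Windows\\System32\\vssadmin.exe", "ParentImage": PS,
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"@timestamp": "2024-03-01T09:01:00Z", "host": "WS-02", "EventType": "process",
     "Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe Get-Process"},
    {"@timestamp": "2024-03-01T09:01:03Z", "host": "WS-02", "EventType": "network",
     "Image": PS, "Initiated": True, "DestinationIp": "203.0.113.9",
     "DestinationPort": 443},
]

# Rules in Sigma's detection/condition shape, each tagged with an attack stage.
RULES = {
    "office_spawns_shell": {"stage": "initial_access", "detection": {
        "selection": {"ParentImage|endswith": ["\\WINWORD.EXE", "\\EXCEL.EXE"],
                      "Image|endswith": ["\\powershell.exe", "\\cmd.exe", "\\wscript.exe"]},
        "condition": "selection"}},
    "shadow_copy_deletion": {"stage": "impact_prep", "detection": {
        "selection": {"Image|endswith": "\\vssadmin.exe",
                      "CommandLine|contains|all": ["delete", "shadows"]},
        "condition": "selection"}},
    "outbound_uncommon_port": {"stage": "c2", "detection": {
        "selection": {"EventType": "network", "Initiated": True},
        "filter": {"DestinationPort": [80, 443, 53]},
        "condition": "selection and not filter"}},
}


def _match_value(actual, expected, modifiers):
    """Apply Sigma value modifiers; list values are OR unless 'all' is present."""
    if actual is None:
        return False
    a = str(actual).lower()

    def one(e):
        e = str(e).lower()
        if "contains" in modifiers:
            return e in a
        if "startswith" in modifiers:
            return a.startswith(e)
        if "endswith" in modifiers:
            return a.endswith(e)
        return a == e

    hits = [one(e) for e in (expected if isinstance(expected, list) else [expected])]
    return all(hits) if "all" in modifiers else any(hits)


def _match_selection(event, selection):
    """Every field of a selection map must match (Sigma AND semantics)."""
    for key, expected in selection.items():
        field, *mods = key.split("|")
        if not _match_value(event.get(field), expected, mods):
            return False
    return True


def evaluate(event, detection):
    """Evaluate conditions of the form 'a', 'a and b', 'a and not b'."""
    result, negate = True, False
    for tok in detection["condition"].split():
        if tok == "and":
            continue
        if tok == "not":
            negate = True
            continue
        if tok == "or":
            raise ValueError("this example supports only 'and'/'not' conditions")
        result = result and (_match_selection(event, detection[tok]) != negate)
        negate = False
    return result


def match_events(events, rules):
    """Return (host, timestamp, rule_name, stage) for every rule hit."""
    hits = []
    for ev in events:
        ts = datetime.strptime(ev["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        for name, rule in rules.items():
            if evaluate(ev, rule["detection"]):
                hits.append((ev["host"], ts, name, rule["stage"]))
    return hits


def correlate(events, rules, window=timedelta(minutes=30), min_stages=2):
    """One alert per host whose hits cover >= min_stages distinct stages
    inside a sliding window; isolated single hits are left as low-priority noise."""
    per_host = defaultdict(list)
    for host, ts, name, stage in match_events(events, rules):
        per_host[host].append((ts, name, stage))
    alerts = []
    for host, hits in per_host.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - t0 <= window]
            stages = {h[2] for h in in_window}
            if len(stages) >= min_stages:
                alerts.append({"host": host, "first_seen": t0.isoformat(),
                               "stages": sorted(stages),
                               "rules": [h[1] for h in in_window]})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, RULES):
        print(alert)
```

In a deployment like the one the abstract describes, the rules would be converted to Elasticsearch queries with a Sigma converter and the per-host windowing done in the SIEM; this pure-Python evaluator reproduces the same semantics offline so the rule logic can be unit-tested before it is shipped. Note that the correlation step, not any single rule, is what turns three individually noisy signals (an Office child process, an outbound connection on an uncommon port, a shadow-copy deletion) into one high-confidence alert, and that the benign WS-02 activity produces no hit at all.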
- Copyright
- © 2026 The Author(s)
- Open Access
- This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY - CONF
AU - Abhikshit Gogoi
AU - Ashim Sharma
PY - 2026
DA - 2026/06/25
TI - Ransomware Resilience: An Integrated Framework for Mitigation, Recovery, and Best Practices using SIEM and Machine Learning
BT - Proceedings of the International Conference on Advances in Computing Technology and Artificial Intelligence (COMPUTATIA 2026)
PB - Atlantis Press
SP - 255
EP - 276
SN - 2589-4919
UR - https://doi.org/10.2991/978-94-6239-713-2_19
DO - 10.2991/978-94-6239-713-2_19
ID - Gogoi2026
ER -