Shared Defence Response in Corporate Networks

Stefan Tafkov 1,3, Zlatogor Minchev 1,2,3
1Institute of ICT, Bulgarian Academy of Sciences, Acad. Georgi Bonchev Str., Bl. 25A, Sofia, 1113, Bulgaria
2Institute of Mathematics & Informatics, Bulgarian Academy of Sciences, Acad. Georgi Bonchev Str., Bl. 8, Sofia, 1113, Bulgaria
3Centre for Implementation of Scientific Research on Digitisation of the Economy in an Environment of Big Data (DEEBD), Sofia, Bulgaria
stefan.tafkov@iict.bas.bg
zlatogor@bas.bg
DOI: 10.46793/BISEC25.110T


ABSTRACT: In recent years, malware, and ransomware in particular, has evolved rapidly, employing increasingly sophisticated techniques to infiltrate and compromise modern computing environments. This escalation highlights the urgent need for adaptive endpoint defense mechanisms capable of detecting and mitigating emerging threats in real time. The present work introduces a Machine Learning-based Endpoint Detection and Response (ML EDR) model designed to provide dynamic, behavior-driven protection against both malware and ransomware attacks. The proposed system leverages multi-layer telemetry collected from distributed endpoint sensors to model system behavior, identify anomalies, and predict malicious actions before they fully execute. By analyzing traffic flows, process activity, and file operations in a dynamic sandboxed environment, the model learns behavioral signatures directly from infected samples. These signatures enable the system to classify threats and anticipate future malicious steps with high accuracy. Integration with a Cloud Intelligence Network and cloud-assisted file analysis enhances the model's adaptability, enabling rapid updates, collaborative threat intelligence sharing, and large-scale pattern correlation. The multi-layer monitoring architecture ensures continuous visibility across endpoints, enabling early-stage detection of polymorphic and zero-day ransomware variants. Experimental results demonstrate that the adaptive ML-based EDR model improves detection precision and significantly reduces response time to emerging threats. The study contributes a scalable, self-evolving defense mechanism suitable for modern enterprise security ecosystems.
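As an added illustration (not code from the paper or its authors), the following scores constructed file-operation telemetry per process, the kind of behavior-driven signal the abstract describes endpoint sensors feeding into the ML EDR model; the event schema, feature weights and threshold are assumptions, and a trained classifier would replace the hand-set weights.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a buffer: plaintext is usually 3-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def process_features(events):
    """Aggregate raw file-operation telemetry into per-process behaviour features."""
    acc = defaultdict(lambda: {"writes": 0, "ext_changes": 0, "dirs": set(), "ent": 0.0})
    for ev in events:
        f = acc[ev["pid"]]
        if ev["op"] == "write":
            f["writes"] += 1
            f["ent"] += shannon_entropy(ev["data"])
            f["dirs"].add(ev["path"].rsplit("/", 1)[0])
        elif ev["op"] == "rename":
            # a rename that changes the extension (docx -> locked) is a classic encryption tell
            if ev["path"].rsplit(".", 1)[-1] != ev["new_path"].rsplit(".", 1)[-1]:
                f["ext_changes"] += 1
    return {pid: {"writes": f["writes"], "ext_changes": f["ext_changes"],
                  "dirs": len(f["dirs"]),
                  "mean_entropy": f["ent"] / f["writes"] if f["writes"] else 0.0}
            for pid, f in acc.items()}

def ransomware_score(f):
    """Hand-weighted linear score in [0, 1] (assumed weights, stand-in for a trained model)."""
    return round(min(f["writes"], 50) / 50 * 0.3
                 + min(f["ext_changes"], 20) / 20 * 0.3
                 + f["mean_entropy"] / 8.0 * 0.3
                 + min(f["dirs"], 10) / 10 * 0.1, 3)

def build_sample_events():
    """Constructed telemetry: pid 100 edits two text files, pid 200 behaves like ransomware."""
    text, high_entropy = b"quarterly report draft\n" * 4, bytes(range(256)) * 4
    events = [{"pid": 100, "op": "write", "path": "/home/u/docs/a.txt", "data": text},
              {"pid": 100, "op": "write", "path": "/home/u/docs/b.txt", "data": text}]
    for i in range(30):
        path = f"/home/u/dir{i % 5}/file{i}.docx"
        events.append({"pid": 200, "op": "write", "path": path, "data": high_entropy})
        events.append({"pid": 200, "op": "rename", "path": path, "new_path": path + ".locked"})
    return events

def flag_processes(events, threshold=0.5):
    """Return {pid: score} for processes whose behaviour score reaches the threshold."""
    scores = {pid: ransomware_score(f) for pid, f in process_features(events).items()}
    return {pid: s for pid, s in scores.items() if s >= threshold}
```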

KEYWORDS: Ransomware, Machine Learning, EDR (Endpoint Detection and Response), Behavioral Analysis, Telemetry Detection, Neural Network/Residual Neural Network (ResNet), Threat Intelligence, Malware Cloud Intelligence, Cloud-Based Analysis.

ACKNOWLEDGMENT: The authors express special appreciation to the National Scientific Programme “Security & Defense” for the experimental base and partial funding support. Additional gratitude is given to the Centre of Competence on Digitisation of the Economy in an Environment of Big Data, second stage, established under Grant No. BG16RFPR002-1.014-0013-C01, financed by the Science and Education for Smart Growth Operational Program and co-financed by the European Union through the European Structural and Investment Funds.


SOURCE: Proceedings of the 16th International Conference on Business Information Security BISEC’2025