Enhanced Ransomware Detection Using VMware-Based HPC Feature Extraction and CNN2D Optimisation with SHAP Explainability Analysis

Q: How many days will it take for my paper to be published?

The review time for papers is not fixed. However, if the paper is accepted and the author completes the processing charges formalities, the paper will be published within a few working days.

Q: I would like to receive a hard copy of the journal materials. Are there any additional charges?

You can log in to the author portal and pay 500 INR to receive the hard copy materials.

Q: Do IJIRT provide DOI for published papers?

Yes, we provide a DOI (Digital Object Identifier) upon request. Authors can contact us at editor@ijirt.org after publication to obtain the DOI for their paper.

Q: Do we provide Published Journal Print copy?

No, we do not provide Published Journal Print copy.

Q: Why am I not able to register to IPN?

There might be three potential reasons: 1) You did not verify your mobile number before clicking on the register button. Please click on the Verify sign immediately after entering your mobile number and complete OTP verification. 2) You are an international author. The IPN is enabled only for Indian Authors. 3) You did not tick the Terms & Conditions checkbox. Please make sure to select it before clicking on the register button.

Q: Where can I get a sample publication certificate?

Please login to Author Home, where you will find the sample copy of the publication certificate and confirmation letter.

Q: I made the processing charges payment and the amount is deducted from my bank account, but it is not updated in my Author Home. What should I do?

Please wait for one working day. We will check at our end and update the status. If it is still not updated after one working day, please email your Razorpay Payment ID along with the payment proof snapshot to editor@ijirt.org.

Q: Where can I sign the Copyright and Undertaking Declaration?

To publish your paper in IJIRT, copyright and undertaking is mandatory. You can digitally sign both by logging into Author Home and checking the right-side section.

Q: How many pages are allowed?

There is no page limit. However, to enhance quality and reader experience, we recommend keeping the paper up to 30 pages (single or double column) without extra charges.

Q: How many authors per paper are allowed?

Up to 13 authors are allowed without extra charges.

Zeba unnisa; Md Shoaib Uddin Chanda; Mohammed Asim; Maimona Jaweed

Enhanced Ransomware Detection Using VMware-Based HPC Feature Extraction and CNN2D Optimisation with SHAP Explainability Analysis

Authors: Zeba unnisa, Md Shoaib Uddin Chanda, Mohammed Asim, Maimona Jaweed

Unique Paper ID: 197420
Volume: 12
Issue: 11
PageNo: 5997-6008

Keywords: Ransomware Detection; Hardware Performance Counters; CNN2D; VMware; SHAP; Machine Learning; Deep Learning; Adversarial Robustness; Real-Time Detection; Cybersecurity

Abstract:
Ransomware continues to be one of the most financially destructive categories of malware, with projected annual global damages exceeding $265 billion by 2031. Conventional detection systems that operate within the victim machine are increasingly inadequate: they introduce runtime overhead and are vulnerable to being disabled by the attacker. This paper proposes a detection framework that collects Hardware Performance Counter (HPC) data and disk I/O event counts entirely through the VMware hypervisor interface, external to the victim environment, and applies a two-dimensional Convolutional Neural Network (CNN2D) to the resulting 13-feature vector. Experiments on the publicly available Harvard Dataverse HPC and I/O Events dataset — 6,000 labelled samples, 22 ransomware families, six user workloads — show the Extension CNN2D achieves 98.92% accuracy with an average inference latency of 3.21 ms, against a 400 ms baseline in the prior work of Thummapudi et al. Seven baseline classifiers are evaluated in full, with XGBoost achieving 100% on the test set and Random Forest 98.42%. A SHAP explainability analysis, applied here for the first time on this dataset, reveals that Branch Mispredictions and Cache Misses are the two dominant ransomware indicators — an unexpected result that challenges the assumption that disk write activity is the primary detection signal. Adversarial robustness testing under Gaussian feature perturbation confirms 98.67% attack detection at 50% noise. Ten-fold stratified cross-validation yields 99.08% ± 0.39%, confirming that results are stable across all data partitions.

Download article

email to a friend

Copyright & License

Copyright © 2026 Authors retain the copyright of this article. This article is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

BibTeX

@article{197420,
        author = {Zeba unnisa and Md Shoaib Uddin Chanda and Mohammed Asim and Maimona Jaweed},
        title = {Enhanced Ransomware Detection Using VMware-Based HPC Feature Extraction and CNN2D Optimisation with SHAP Explainability Analysis},
        journal = {International Journal of Innovative Research in Technology},
        year = {2026},
        volume = {12},
        number = {11},
        pages = {5997-6008},
        issn = {2349-6002},
        url = {https://ijirt.org/article?manuscript=197420},
        abstract = {Ransomware continues to be one of the most financially destructive categories of malware, with projected annual global damages exceeding $265 billion by 2031. Conventional detection systems that operate within the victim machine are increasingly inadequate: they introduce runtime overhead and are vulnerable to being disabled by the attacker. This paper proposes a detection framework that collects Hardware Performance Counter (HPC) data and disk I/O event counts entirely through the VMware hypervisor interface, external to the victim environment, and applies a two-dimensional Convolutional Neural Network (CNN2D) to the resulting 13-feature vector. Experiments on the publicly available Harvard Dataverse HPC and I/O Events dataset — 6,000 labelled samples, 22 ransomware families, six user workloads — show the Extension CNN2D achieves 98.92% accuracy with an average inference latency of 3.21 ms, against a 400 ms baseline in the prior work of Thummapudi et al. Seven baseline classifiers are evaluated in full, with XGBoost achieving 100% on the test set and Random Forest 98.42%. A SHAP explainability analysis, applied here for the first time on this dataset, reveals that Branch Mispredictions and Cache Misses are the two dominant ransomware indicators — an unexpected result that challenges the assumption that disk write activity is the primary detection signal. Adversarial robustness testing under Gaussian feature perturbation confirms 98.67% attack detection at 50% noise. Ten-fold stratified cross-validation yields 99.08% ± 0.39%, confirming that results are stable across all data partitions.},
        keywords = {Ransomware Detection; Hardware Performance Counters; CNN2D; VMware; SHAP; Machine Learning; Deep Learning; Adversarial Robustness; Real-Time Detection; Cybersecurity},
        month = {April},
        }

Download .bib

Cite This Article

unnisa, Z., & Chanda, M. S. U., & Asim, M., & Jaweed, M. (2026). Enhanced Ransomware Detection Using VMware-Based HPC Feature Extraction and CNN2D Optimisation with SHAP Explainability Analysis. International Journal of Innovative Research in Technology (IJIRT), 12(11), 5997–6008.

Impact Factor
8.412 (Year 2026)

An UGC-Compliant International Research Journal

Join Our IPN

IJIRT Partner Network

Submit your research paper and those of your network (friends, colleagues, or peers) through your IPN account, and receive 800 INR for each paper that gets published.

Join Now