The Internet of Medical Things (IoMT) brings connectivity to healthcare, but it also introduces new risks. This blog summarizes our recent research on how entropy and supervised learning models can proactively detect ransomware before damage occurs.
Why Entropy?
Entropy reflects the randomness of data. Encrypted files often show maximum entropy. By analyzing the entropy change in key files and combining it with behavioral metrics, our detection system spots subtle attacks that bypass traditional signatures.
Our Dataset
We collected over 50,000 samples from simulated SpO2 sensors, labeled into normal, anomaly, stealth ransomware, and brutal ransomware categories. We computed entropy and Super Entropy for each case, along with system usage data like CPU, Disk, and Network activity.
Results
Brutal ransomware: AUC improved from 0.872 → 0.959 with entropy.
Best overall: Random Forest reached an AUC of 0.937.
Precision: 99.4% with a scoring mechanism to suppress redundant alerts.
Tools Used
Python (Pandas, Sklearn, Matplotlib)
Isolation Forest, LOF, One-Class SVM
Random Forest, Gradient Boosting
Custom scoring and alert cooldown logic
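The entropy-change check described under "Why Entropy?", combined with an alert cooldown, as an added example that is not code from the paper. The class and function names, the thresholds, the cooldown length, and the SpO2 log format are assumptions made for illustration; a SHA-256 keystream stands in for ransomware ciphertext.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def keystream(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext (not a cipher)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

class EntropyMonitor:
    """Alerts when a watched file's entropy jumps; a cooldown suppresses repeats."""
    def __init__(self, delta=2.0, high=7.5, cooldown=60.0):
        # Assumed values for illustration, not taken from the paper.
        self.delta, self.high, self.cooldown = delta, high, cooldown
        self.baseline = self.last_alert = None

    def observe(self, data: bytes, now: float) -> bool:
        h = shannon_entropy(data)
        if self.baseline is None:
            # First observation fixes the baseline; it is never moved, so slow drift cannot hide a jump.
            self.baseline = h
            return False
        if not (h >= self.high and h - self.baseline >= self.delta):
            return False
        if self.last_alert is not None and now - self.last_alert < self.cooldown:
            return False  # still inside the cooldown window: redundant alert
        self.last_alert = now
        return True

def demo():
    # Constructed sample: a plaintext SpO2 log, then the same file "encrypted".
    plain = "".join(f"{t},spo2,{95 + t % 5}\n" for t in range(2000)).encode()
    cipher = keystream(len(plain))
    mon = EntropyMonitor()
    events = [(0, plain), (10, plain), (20, cipher), (30, cipher), (100, cipher)]
    return [mon.observe(data, t) for t, data in events]

if __name__ == "__main__":
    print(demo())
```

The first ciphertext observation raises an alert, the repeat ten seconds later is suppressed, and the alert fires again only once the cooldown has elapsed.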
Conclusion
Our method shows how entropy, when smartly integrated into ML pipelines, strengthens early detection of ransomware—especially in stealthy scenarios. Future work includes federated learning and on-device AI agents for real-time protection.
Read the full paper for all details and dataset structure.