Title: LeARN: Leveraging eBPF and AI for Ransomware Nose Out
Authors: Sekar, Arjun; Kulkarni, Sameer G.; Kuri, Joy
Date: 2025-09-01
Type: Conference paper
9.80E+12
ISSN: 21552509, 21552487
DOI: 10.1109/COMSNETS63942.2025.10885681
Scopus ID: 2-s2.0-105001666877
Scopus URL: https://www.scopus.com/inward/record.uri?eid=2-s2.0-105001666877&doi=10.1109%2FCOMSNETS63942.2025.10885681&partnerID=40&md5=7f334e6b3a8bff6217c835b9fb3f2b78
Handle: https://d8.irins.org/handle/IITG2025/29344
Language: English

Abstract: In this work, we propose a two-phased approach to detect and deter ransomware in real time. We leverage the capabilities of eBPF (Extended Berkeley Packet Filter) and artificial intelligence (AI) to develop proactive and reactive methods. In the first phase, we utilize signature-based detection, where we employ custom eBPF programs to trace the execution of new processes and perform hash-based analysis against a known ransomware dataset. In the second, we employ a behavior-based technique that focuses on monitoring process activities using a custom eBPF program and on detecting the creation of ransom notes, a prominent indicator of ransomware activity, through the use of Natural Language Processing (NLP). By leveraging eBPF's low-level tracing capabilities and integrating NLP-based machine learning algorithms, our solution achieves an impressive 99.79% accuracy in identifying ransomware incidents within a few seconds of the onset of zero-day attacks. © 2025 Elsevier B.V., All rights reserved.

Keywords: Malware; Natural language processing systems; Behavior-based; Berkeley packet filters; Cyber security; Extended Berkeley packet filter; Filter programs; Language processing; Natural language processing; Natural languages; Real-time; Signature based detections; Zero-day attack

2025
1