Q Canary : An AI and Quantum based Ransomware detection Solution

MohitChandraSaxenaM2 22 views 18 slides Aug 27, 2025

About This Presentation

An AI and Quantum based Early Ransomware detection Solution


Slide Content

Q-Canary: Hybrid Quantum-AI for Early Ransomware Detection
AI + Quantum = Detect & stop ransomware in the pre-encryption window
The Patriots
Dr. Mohit Chandra Saxena & Mr. Abhishek Tamrakar

The Problem: Early, Reliable Detection Is Hard
Ransomware does damage within seconds once encryption starts
Traditional EDR gaps
•Signatures are evaded by new variants
•Behavior rules trigger late or create noise under heavy I/O
Need sub-5s detection on subtle pre-encryption micro-behaviors

Our Approach: What's New
Hybrid signal fusion
•Lightweight AI model on micro-behaviors (2–5s windows)
•Quantum kernel novelty score to detect distribution shift
•QUBO-optimized canary placement as a high-confidence tripwire
Act before encryption: throttle/suspend, snapshot, and isolate

System Architecture (High-Level)
Endpoint Sensor (ETW/eBPF)
•File I/O burstiness, entropy deltas, rename/handle churn, directory fan-out, token changes, SMB hints
Feature Builder (Sliding Windows)
•40–80D vectors per process; standardization & clipping
AI Baseline (TCN/GRU)
•<5ms inference; calibrated risk score
Quantum Layer (Kernel SVM / Q-MMD)
•8–16D reduced features; detects non-benign shift
Deception (QUBO Canary Placement)
•Minimal decoys, maximal coverage of likely ransomware paths
Orchestrator applies policy: throttle/suspend, isolate, alert

Endpoint Telemetry & Features
•writes/s, bytes/write, inter-write CV
•rename/create rate, unique inode touches
•dir breadth/fan-out, rolling byte entropy
•handle opens/closes, token/privilege changes
•SMB/IPC beacons, parent-child depth
Per-process in 2–5s windows
Featurization: robust scaling, outlier clipping, feature hashing (optional)

Classical AI Baseline
Temporal model
•TCN/GRU on short windows for benign vs pre-encrypt suspicious
Calibrated probabilities (Platt/Isotonic) for stable thresholds
Low-latency inference path (<5ms on CPU)

Quantum Layer: Novelty via Quantum Kernels
Quantum feature map φ(x) (e.g., ZZ-feature map)
•Compute kernel on 8–16D subset; flag distance from benign manifold
Train with benign baseline; batch kernel evaluations async
Runs on simulator or small real backend

QUBO Canary Placement (Deception)
Graph model
•File tree + process access graph → coverage optimization
Objective: minimize decoys / maximize early hit probability
Solve via D-Wave/annealing (or simulated annealing fallback)
First suspicious touch → high-confidence alert

Detection Policy & Automated Actions
Stage 0 (Quantum novel, AI uncertain)
•Throttle disk I/O, redirect to sandbox, arm canaries
Stage 1 (Quantum + AI agree)
•Suspend process, snapshot, isolate, notify SOC
Maintain full forensic trail
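The per-process window features from the telemetry slide and the two-stage policy from this slide, as an added illustration that is not code from the deck or its authors. The telemetry events, the feature subset (writes/s, bytes/write, rename rate, unique paths, directory fan-out, rolling byte entropy) and the 0.8 AI-risk threshold are all constructed assumptions; the AI score and quantum novelty flag are taken as inputs, since the deck's models are not on the page.

```python
import math
from collections import Counter

# Constructed sample telemetry, not real captures: (pid, t_sec, op, path, payload).
# pid 7 mimics an editor saving text; pid 9 mimics rename churn with high-entropy writes.
EVENTS = [
    (7, 0.1, "write", "/home/u/notes.txt", b"meeting notes " * 8),
    (7, 1.4, "write", "/home/u/notes.txt", b"action items " * 8),
    (9, 0.2, "write", "/home/u/docs/a.docx", bytes(range(256))),
    (9, 0.3, "rename", "/home/u/docs/a.docx", b""),
    (9, 0.5, "write", "/home/u/docs/b.xlsx", bytes(range(255, -1, -1))),
    (9, 0.6, "rename", "/home/u/docs/b.xlsx", b""),
    (9, 0.9, "write", "/home/u/pics/c.jpg", bytes(range(256))),
    (9, 1.0, "rename", "/home/u/pics/c.jpg", b""),
]

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is uniform, i.e. encrypted-looking."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def window_features(events, pid, t0=0.0, width=2.0):
    """Feature vector for one process over the sliding window [t0, t0 + width)."""
    ev = [e for e in events if e[0] == pid and t0 <= e[1] < t0 + width]
    writes = [e for e in ev if e[2] == "write"]
    renames = [e for e in ev if e[2] == "rename"]
    n_w = max(len(writes), 1)  # avoid division by zero on idle windows
    return {
        "writes_per_s": len(writes) / width,
        "bytes_per_write": sum(len(e[4]) for e in writes) / n_w,
        "rename_rate": len(renames) / width,
        "unique_paths": len({e[3] for e in ev}),
        "dir_fanout": len({e[3].rsplit("/", 1)[0] for e in ev}),
        "mean_entropy": sum(byte_entropy(e[4]) for e in writes) / n_w,
    }

def policy_stage(ai_risk, quantum_novel, canary_hit, risk_hi=0.8):
    """Stage fusion as the deck describes it; the 0.8 AI threshold is assumed.
    Returns 1 (suspend/snapshot/isolate/notify SOC), 0 (throttle/sandbox/arm
    canaries) or -1 (keep monitoring)."""
    if canary_hit or (quantum_novel and ai_risk >= risk_hi):
        return 1
    if quantum_novel:  # novel shift but the AI score is still below confidence
        return 0
    return -1
```

In this constructed data the editor process stays below 4 bits/byte with no renames, while the churning process shows 8.0 bits/byte writes plus a rename after every write, which is the kind of contrast the AI baseline and quantum novelty layer are meant to separate.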

Data Generation & Safety
Benign corpus: Office/IDE/builds/backups/AV scans
Sandboxed ransomware simulator: rapid renames & entropy writes (no real harm)
Atomic pre-encryption tests

Evaluation Plan & KPIs
Overhead: CPU <3%, disk <5%, zero kernel drops
FPR < 0.5%/endpoint-hour under heavy benign I/O
TTD < 3s, PDR high before irreversible writes

Implementation
Stage-1: Sensors + features + baseline AI
Stage-2: Quantum kernel prototype & integration
Stage-3: QUBO canary placement & decoy driver
Stage-4: Policy fusion & dashboard
Stage-5: Ablations, tuning, optional real backend
Stage-6: Report, demo, pilot

Demo Walkthrough
Benign workload → stable
Sandboxed ransomware sim → Stage 0
Canary touch + quantum shift → Stage 1 suspend & alert
Dashboard: timelines, features, kernel distance

Risks & Mitigations
Quantum availability
•Use simulator; cache kernels; small subsets
Backups/scans FP
•Calibrated thresholds; whitelist windows
Performance
•eBPF filters; lightweight models; bounded queues

Deployment & Integration
CONTAINERIZED SERVICES; SIEM/SOAR WEBHOOKS
PROMETHEUS/GRAFANA; ALERTMANAGER
WINDOWS/LINUX ENDPOINTS

ROI & Impact
Stop encryption before damage; reduce downtime/IR cost
Audit-friendly evidence; practical quantum advantage

Next Steps & Ask
APPROVE LAB PILOT (10–20 ENDPOINTS)
ACCESS TO VDI/LAB FOR SAFE SIMULATIONS
WORKSHOP TO ALIGN PRIORITIES & POLICIES

Appendix: Tech Stack
•Sensors: eBPF (bcc), ETW (KrabsETW)
•AI: PyTorch/Sklearn; TCN/GRU
•Quantum: Qiskit/PennyLane; D-Wave Ocean (QUBO)
•Infra: Docker Compose/K8s; FastAPI; Redis/Kafka; Prom/Grafana