A stratified ransomware mitigation model based on zero trust and network segmentation architectures

Authors

  • Justine Utsu Undiandeye
    Department of Cybersecurity, University of Calabar, Calabar, PMB 1115, Nigeria
  • Moses Adah Agana
    Department of Cybersecurity, University of Calabar, Calabar, PMB 1115, Nigeria
  • Bassey Igbo Ele
    Department of Information Systems, University of Calabar, Calabar, PMB 1115, Nigeria

Keywords:

Ransomware Mitigation, Zero trust architecture, Network segmentation, Threat detection, Hybrid security model

Abstract

Ransomware poses a significant threat to information technology because of its ability to spread laterally across computer networks. This paper presents the design and implementation of a stratified mitigation model that combines Zero Trust Architecture (ZTA) with network segmentation to impede ransomware propagation. The proposed model integrates continuous verification through ZTA with the structural containment provided by network segmentation. It was implemented using pfSense, VMware, and GNS3, and evaluated using actual flow patterns extracted from a Ryuk ransomware packet-capture (PCAP) dataset. The model demonstrated automated containment based on real ransomware activity patterns, including distinctive Server Message Block (SMB) traffic profiles and rapid byte-transfer rates. Detection and containment were achieved within sub-second timescales, with a time-to-detect (TTD) of 0.31 s and a time-to-contain (TTC) of 0.32 s. These results outperform standalone ZTA (TTD: 1.50 s; TTC: 2.50 s) and standalone network segmentation (TTD: 0.65 s; TTC: 0.65 s). Across 20 controlled simulation runs, the model achieved a detection accuracy of 85.0%, precision of 81.8%, recall of 90.0%, an F1-score of 85.7%, and a false positive rate of 10%. The results show that the hybrid approach offers a pragmatic and measurable improvement over individual strategies for securing networks against ransomware.

Published

2026-06-11

How to Cite

A stratified ransomware mitigation model based on zero trust and network segmentation architectures. (2026). Proceedings of the Nigerian Society of Physical Sciences, 3, 271. https://doi.org/10.61298/pnspsc.2026.3.271
