Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution
Aldin Vehabovic, Hadi Zanddizari, Nasir Ghani, Farooq Shaikh, Elias Bou-Harb, Morteza Safaei Pour, Jorge Crichigno

TL;DR
This paper introduces a data-centric machine learning framework utilizing static analysis of portable executable files for early ransomware detection and attribution, demonstrating high accuracy even with limited samples.
Contribution
It proposes a novel data-centric ML approach focusing on minimal datasets and static analysis for effective early ransomware detection and attribution.
Findings
High accuracy in ransomware detection
Effective zero-day threat identification
Strong performance with limited data
Abstract
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach which uses a minimalist ransomware dataset and implements static analysis using portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Digital and Cyber Forensics
