Federated Learning Approach for Distributed Ransomware Analysis
Aldin Vehabovic, Hadi Zanddizari, Farook Shaikh, Nasir Ghani, Morteza, Safaei Pour, Elias Bou-Harb, Jorge Crichigno
TL;DR
This paper introduces a federated learning-based machine learning framework for early detection and attribution of modern ransomware threats using static analysis of portable executable files, addressing challenges of limited samples and recent malware variants.
Contribution
It presents a novel federated learning approach tailored for ransomware analysis, emphasizing data privacy and effectiveness on minimal datasets.
Findings
High accuracy in ransomware detection
Effective zero-day threat identification
Strong performance across multiple ML classifiers
Abstract
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach which uses a minimalist ransomware dataset and implements static analysis using portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Network Security and Intrusion Detection · Information and Cyber Security