Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach
Sathvik Murli, Dhruv Nandakumar, Prabhat Kumar Kushwaha, Cheng Wang, Christopher Redino, Abdul Rahman, Shalini Israni, Tarun Singh, Edward Bowen

TL;DR
This paper introduces a scalable, multi-modal alert graph approach for detecting and analyzing ransomware campaigns over time, enhancing adaptability and effectiveness in identifying attack patterns from various alert sources.
Contribution
It presents a novel method for constructing and classifying alert graphs from multiple alert sources to detect ransomware campaigns across different attack timelines.
Findings
Effective detection of ransomware campaigns using alert graphs
Scalable approach adaptable to various attack patterns
Maintains efficacy with low-dimensional node features
Abstract
We present a novel approach to identifying ransomware campaigns from attack-timeline representations within victim networks. Malicious-activity profiles built from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of attack timelines in which individual nodes represent malicious-activity detections and edges describe potential attack paths. This work demonstrates adaptability to different attack patterns through a novel method for parsing and classifying alert graphs, while maintaining efficacy even when node features are low-dimensional.
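The abstract describes nodes as detections and edges as candidate attack paths, but does not show what such a graph looks like in practice. The following Python is an added illustration (not code from the paper or its authors) of the construction step: it parses constructed alert lines from two hypothetical sources (host EDR and network IDS), links each detection to later detections that start on the host it ended on within a short window, and assigns each node a deliberately low-dimensional feature vector. The line format, the one-hour link window, the tactic ordering and the three-element feature vector are all assumptions made here to show the shape of the approach.

```python
"""Toy alert graph: nodes are detections, edges are candidate attack paths.

Added illustration only; the edge rule, alert format and features are
assumptions chosen here, not the paper's method.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample alerts (not real data) from two hypothetical sources:
# "edr" host telemetry and "nids" network detections.
# Format: timestamp|source|host[->target_host]|tactic|severity|detection_name
SAMPLE_ALERTS = [
    "2024-03-01T09:00:00|edr|ws01|initial_access|medium|macro_spawned_powershell",
    "2024-03-01T09:03:20|nids|ws01|command_and_control|high|beacon_to_known_c2",
    "2024-03-01T09:10:05|edr|ws01|credential_access|high|lsass_memory_read",
    "2024-03-01T09:12:40|nids|ws01->fs01|lateral_movement|high|smb_admin_share_login",
    "2024-03-01T09:15:00|edr|fs01|impact|critical|mass_file_rename_encrypted_ext",
    "2024-03-01T11:00:00|edr|ws07|execution|low|unsigned_binary_run",
]

# Assumed tactic ordering used as an integer node feature.
TACTIC_ORDER = ["initial_access", "execution", "credential_access",
                "lateral_movement", "command_and_control", "impact"]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LINK_WINDOW = timedelta(hours=1)  # assumption: alerts further apart are not chained


@dataclass
class Alert:
    ts: datetime
    source: str
    src_host: str
    dst_host: str   # host the activity ends on (same as src_host unless lateral)
    tactic: str
    severity: str
    name: str


def parse_alert(line: str) -> Alert:
    """Parse one pipe-delimited alert line; 'a->b' marks lateral movement from a to b."""
    ts, source, hosts, tactic, severity, name = line.split("|")
    src, _, dst = hosts.partition("->")
    return Alert(datetime.fromisoformat(ts), source, src, dst or src, tactic, severity, name)


def node_features(a: Alert) -> list:
    """Deliberately low-dimensional node features: [is_edr, tactic_index, severity_rank]."""
    return [1 if a.source == "edr" else 0, TACTIC_ORDER.index(a.tactic), SEVERITY_RANK[a.severity]]


def build_alert_graph(lines):
    """Nodes are detections (sorted by time). A directed edge i->j means alert j
    could follow alert i: j starts on the host i ended on, within LINK_WINDOW."""
    alerts = sorted((parse_alert(ln) for ln in lines), key=lambda a: a.ts)
    edges = []
    for i, a in enumerate(alerts):
        for j in range(i + 1, len(alerts)):
            b = alerts[j]
            if b.ts - a.ts > LINK_WINDOW:
                break  # later alerts are even further away
            if b.src_host == a.dst_host:
                edges.append((i, j))
    return alerts, edges


def connected_components(n, edges):
    """Union-find over node indices; each component is one candidate timeline."""
    parent = list(range(n))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i, j in edges:
        parent[find(i)] = find(j)
    groups = {}
    for k in range(n):
        groups.setdefault(find(k), []).append(k)
    return list(groups.values())


def campaign_candidates(lines, min_nodes=3):
    """Summarise components large enough to be worth classifying as a campaign."""
    alerts, edges = build_alert_graph(lines)
    out = []
    for comp in connected_components(len(alerts), edges):
        if len(comp) < min_nodes:
            continue  # isolated or tiny components are left for other triage
        members = [alerts[k] for k in comp]
        out.append({
            "nodes": len(comp),
            "hosts": sorted({h for a in members for h in (a.src_host, a.dst_host)}),
            "tactics": sorted({a.tactic for a in members}, key=TACTIC_ORDER.index),
            "max_severity": max((a.severity for a in members), key=SEVERITY_RANK.get),
            "features": [node_features(a) for a in members],
        })
    return out


if __name__ == "__main__":
    for cand in campaign_candidates(SAMPLE_ALERTS):
        print(cand)
```

On the constructed input the five ws01/fs01 detections form one component spanning both hosts, ending in the encryption-like impact alert, while the unrelated ws07 execution alert two hours later stays isolated and is dropped by the size threshold. A real implementation would feed the per-node feature vectors and edge list to a graph classifier; the point here is only that the graph, not any single alert, carries the campaign signal.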
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Information and Cyber Security
