Towards Low-Latency and Adaptive Ransomware Detection Using Contrastive Learning
Zhixin Pan, Ziyu Shu, Amberbir Alemayoh

TL;DR
This paper presents a novel ransomware detection framework combining contrastive learning, neural architecture search, and hardware performance counters to enable low-latency, adaptive, and early detection of ransomware variants.
Contribution
It introduces a contrastive learning approach with HPC analysis, a custom loss for early detection, and NAS for adaptive model architecture, addressing limitations of prior methods.
Findings
Improves detection accuracy by up to 16.1%.
Reduces detection latency by up to 6 times.
Maintains robustness against evasive attacks.
Abstract
Ransomware has become a critical threat to cybersecurity due to its rapid evolution, the necessity for early detection, and growing diversity, posing significant challenges to traditional detection methods. While AI-based approaches have been proposed by prior works to assist ransomware detection, existing methods suffer from three major limitations: ad-hoc feature dependencies, delayed response, and limited adaptability to unseen variants. In this paper, we propose a framework that integrates self-supervised contrastive learning with neural architecture search (NAS) to address these challenges. Specifically, this paper offers three important contributions. (1) We design a contrastive learning framework that incorporates hardware performance counters (HPC) to analyze the runtime behavior of target ransomware. (2) We introduce a customized loss function that encourages early-stage…
