Related papers: A Comprehensive Analysis of Machine Learning Based File Trap Selection Methods to Detect Crypto Ransomware

A Comprehensive Analysis of Machine Learning Based File Trap Selection Methods to Detect Crypto Ransomware

URL: http://arxiv.org/abs/2409.11428v1
Date: Fri, 13 Sep 2024 13:31:24 GMT
Title: A Comprehensive Analysis of Machine Learning Based File Trap Selection Methods to Detect Crypto Ransomware
Authors: Mohan Anand Putrevu, Hrushikesh Chunduri, Venkata Sai Charan Putrevu, Sandeep K Shukla,
Abstract summary: To minimize file loss during the ransomware attack, detecting file modifications at the earliest execution stage is considered very important. This paper evaluates various machine learning-based trap selection methods for reducing file loss, detection delay, and endpoint overhead.
Score: 0.6597195879147557
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The use of multi-threading and file prioritization methods has accelerated the speed at which ransomware encrypts files. To minimize file loss during the ransomware attack, detecting file modifications at the earliest execution stage is considered very important. To achieve this, selecting files as traps and monitoring changes to them is a practical way to deal with modern ransomware variants. This approach minimizes overhead on the endpoint, facilitating early identification of ransomware. This paper evaluates various machine learning-based trap selection methods for reducing file loss, detection delay, and endpoint overhead. We specifically examine non-parametric clustering methods such as Affinity Propagation, Gaussian Mixture Models, Mean Shift, and Optics to assess their effectiveness in trap selection for ransomware detection. These methods select M files from a directory with N files (M<N) and use them as traps. In order to address the shortcomings of existing machine learning-based trap selection methods, we propose APFO (Affinity Propagation with File Order). This method is an improvement upon existing non-parametric clustering-based trap selection methods, and it helps to reduce the amount of file loss and detection delay encountered. APFO demonstrates a minimal file loss percentage of 0.32% and a detection delay of 1.03 seconds across 18 contemporary ransomware variants, including rapid encryption variants of lock-bit, AvosLocker, and Babuk.

Related papers

ROFBS$α$: Real Time Backup System Decoupled from ML Based Ransomware Detection [0.0]
This study introduces ROFBS$alpha$, a new defense architecture that addresses delays in detection in ransomware detectors based on machine learning. It builds on our earlier Real Time Open File Backup System, ROFBS, by adopting an asynchronous design that separates backup operations from detection tasks.
arXiv Detail & Related papers (2025-04-19T03:36:01Z)
GuardFS: a File System for Integrated Detection and Mitigation of Linux-based Ransomware [8.576433180938004]
GuardFS is a file system-based approach to investigate the integration of detection and mitigation of ransomware. Using a bespoke overlay file system, data is extracted before files are accessed. Models trained on this data are used by three novel defense configurations that obfuscate, delay, or track access to the file system.
arXiv Detail & Related papers (2024-01-31T15:33:29Z)
Ransomware Detection Using Federated Learning with Imbalanced Datasets [0.0]
This paper presents a weighted cross-entropy loss function approach to mitigate dataset imbalance. A detailed performance evaluation study is then presented for the case of static analysis using the latest Windows-based ransomware families.
arXiv Detail & Related papers (2023-11-13T21:21:39Z)
Interpretable Machine Learning for Detection and Classification of Ransomware Families Based on API Calls [5.340730281227837]
This research work utilizes the frequencies of different API calls to detect and classify ransomware families. A WebCrawler is developed to automate collecting the Windows Portable Executable PE files of 15 different ransomware families. Logistic Regression can efficiently classify ransomware into their corresponding families securing 9915 accuracy.
arXiv Detail & Related papers (2022-10-16T15:54:45Z)
Plug-and-Play Few-shot Object Detection with Meta Strategy and Explicit Localization Inference [78.41932738265345]
This paper proposes a plug detector that can accurately detect the objects of novel categories without fine-tuning process. We introduce two explicit inferences into the localization process to reduce its dependence on annotated data. It shows a significant lead in both efficiency, precision, and recall under varied evaluation protocols.
arXiv Detail & Related papers (2021-10-26T03:09:57Z)
Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits [55.740716446995805]
We study a novel attack paradigm, which modifies model parameters in the deployment stage for malicious purposes. Our goal is to misclassify a specific sample into a target class without any sample modification. By utilizing the latest technique in integer programming, we equivalently reformulate this BIP problem as a continuous optimization problem.
arXiv Detail & Related papers (2021-02-21T03:13:27Z)
Change Point Detection in Time Series Data using Autoencoders with a Time-Invariant Representation [69.34035527763916]
Change point detection (CPD) aims to locate abrupt property changes in time series data. Recent CPD methods demonstrated the potential of using deep learning techniques, but often lack the ability to identify more subtle changes in the autocorrelation statistics of the signal. We employ an autoencoder-based methodology with a novel loss function, through which the used autoencoders learn a partially time-invariant representation that is tailored for CPD.
arXiv Detail & Related papers (2020-08-21T15:03:21Z)
Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
Detecting malicious PDF using CNN [46.86114958340962]
Malicious PDF files represent one of the biggest threats to computer security. We propose a novel algorithm that uses an ensemble of Convolutional Neural Network (CNN) on the byte level of the file. We show, using a data set of 90000 files downloadable online, that our approach maintains a high detection rate (94%) of PDF malware.
arXiv Detail & Related papers (2020-07-24T18:27:45Z)
Scalable Backdoor Detection in Neural Networks [61.39635364047679]
Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch. We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types. In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the art method.
arXiv Detail & Related papers (2020-06-10T04:12:53Z)
Towards a Resilient Machine Learning Classifier -- a Case Study of Ransomware Detection [5.560986338397972]
A machine learning (ML) classifier was built to detect ransomware (called crypto-ransomware) We find that input/output activities of ransomware and the file-content entropy are unique traits to detect crypto-ransomware. In addition to accuracy and resiliency, trustworthiness is the other key criteria for a quality detector.
arXiv Detail & Related papers (2020-03-13T18:02:19Z)
MDEA: Malware Detection with Evolutionary Adversarial Learning [16.8615211682877]
MDEA, an Adversarial Malware Detection model uses evolutionary optimization to create attack samples to make the network robust against evasion attacks. By retraining the model with the evolved malware samples, its performance improves a significant margin.
arXiv Detail & Related papers (2020-02-09T09:59:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.