Related papers: Entropy-Synchronized Neural Hashing for Unsupervised Ransomware Detection

Entropy-Synchronized Neural Hashing for Unsupervised Ransomware Detection

URL: http://arxiv.org/abs/2501.18131v1
Date: Thu, 30 Jan 2025 04:40:57 GMT
Title: Entropy-Synchronized Neural Hashing for Unsupervised Ransomware Detection
Authors: Peter Idliman, Wilfred Balfour, Benedict Featheringham, Hugo Chesterfield,
Abstract summary: The Entropy-Synchronized Neural Hashing (ESNH) framework uses entropy-driven hash representations to classify software binaries. The model generates robust and unique hash values that maintain stability even when faced with polymorphic and metamorphic transformations.
Score: 0.0
License:
Abstract: Entropy-based detection methodologies have gained significant attention due to their ability to analyze structural irregularities within executable files, particularly in the identification of malicious software employing advanced obfuscation techniques. The Entropy-Synchronized Neural Hashing (ESNH) framework introduces a novel approach that leverages entropy-driven hash representations to classify software binaries based on their underlying entropy characteristics. Through the synchronization of entropy profiles with neural network architectures, the model generates robust and unique hash values that maintain stability even when faced with polymorphic and metamorphic transformations. Comparative analysis against traditional detection approaches revealed superior performance in identifying novel threats, reducing false-positive rates, and achieving consistent classification across diverse ransomware families. The incorporation of a self-regulating hash convergence mechanism further ensured that entropy-synchronized hashes remained invariant across executions, minimizing classification inconsistencies that often arise due to dynamic modifications in ransomware payloads. Experimental results demonstrated high detection rates across contemporary ransomware strains, with the model exhibiting resilience against encryption-based evasion mechanisms, code injection strategies, and reflective loading techniques. Unlike conventional detection mechanisms that rely on static signatures and heuristic analysis, the proposed entropy-aware classification framework adapts to emerging threats through an inherent ability to capture entropy anomalies within executable structures. The findings reinforce the potential of entropy-based detection in addressing the limitations of traditional methodologies while enhancing detection robustness against obfuscation and adversarial evasion techniques.

Related papers

A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures [0.0]
An entropy-based computational framework was introduced to analyze multi-domain system variations. A detection methodology was developed to differentiate between benign and ransomware-induced entropy shifts.
arXiv Detail & Related papers (2025-02-15T07:50:55Z)
Hierarchical Entropy Disruption for Ransomware Detection: A Computationally-Driven Framework [0.0]
Monitoring entropy variations offers an alternative approach to identifying unauthorized data modifications. A framework leveraging hierarchical entropy disruption was introduced to analyze deviations in entropy distributions. evaluating the framework across multiple ransomware variants demonstrated its capability to achieve high detection accuracy.
arXiv Detail & Related papers (2025-02-12T23:29:06Z)
Decentralized Entropy-Driven Ransomware Detection Using Autonomous Neural Graph Embeddings [0.0]
The framework operates on a distributed network of nodes, eliminating single points of failure and enhancing resilience against targeted attacks. The integration of graph-based modeling and machine learning techniques enables the framework to capture complex system interactions. Case studies validate its effectiveness in real-world scenarios, showcasing its ability to detect and mitigate ransomware attacks within minutes of their initiation.
arXiv Detail & Related papers (2025-02-11T11:59:10Z)
Neural Encrypted State Transduction for Ransomware Classification: A Novel Approach Using Cryptographic Flow Residuals [0.0]
An approach based on Neural Encrypted State Transduction (NEST) is introduced to analyze cryptographic flow residuals. NEST maps state transitions dynamically, enabling high-confidence classification without requiring direct access to decrypted execution traces.
arXiv Detail & Related papers (2025-02-07T21:26:51Z)
Hierarchical Entropic Diffusion for Ransomware Detection: A Probabilistic Approach to Behavioral Anomaly Isolation [0.0]
This paper introduces a structured entropy-based anomaly classification mechanism. It tracks fluctuations in entropy evolution to differentiate between benign cryptographic processes and unauthorized encryption attempts. It maintains high classification accuracy across diverse ransomware families, outperforming traditional-based and signature-driven approaches.
arXiv Detail & Related papers (2025-02-06T08:55:11Z)
Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically. Our method learns the in adversarial attacks parameterized by a recurrent neural network. We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
arXiv Detail & Related papers (2021-10-13T13:54:24Z)
Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
arXiv Detail & Related papers (2020-12-07T11:02:44Z)
A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning [122.49765136434353]
We present an effective method, called Hamiltonian Monte Carlo with Accumulated Momentum (HMCAM), aiming to generate a sequence of adversarial examples. We also propose a new generative method called Contrastive Adversarial Training (CAT), which approaches equilibrium distribution of adversarial examples. Both quantitative and qualitative analysis on several natural image datasets and practical systems have confirmed the superiority of the proposed algorithm.
arXiv Detail & Related papers (2020-10-15T16:07:26Z)
Scalable Backdoor Detection in Neural Networks [61.39635364047679]
Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch. We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types. In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the art method.
arXiv Detail & Related papers (2020-06-10T04:12:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.