Towards Low-Latency and Adaptive Ransomware Detection Using Contrastive Learning
- URL: http://arxiv.org/abs/2510.21957v1
- Date: Fri, 24 Oct 2025 18:33:52 GMT
- Authors: Zhixin Pan, Ziyu Shu, Amberbir Alemayoh,
- Abstract summary: Ransomware has become a critical threat to cybersecurity due to its rapid evolution, the necessity for early detection, and growing diversity. Existing methods suffer from three major limitations: ad-hoc feature dependencies, delayed response, and limited adaptability to unseen variants. We propose a framework that integrates self-supervised contrastive learning with neural architecture search (NAS) to address these challenges.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Ransomware has become a critical threat to cybersecurity due to its rapid evolution, the necessity for early detection, and growing diversity, posing significant challenges to traditional detection methods. While AI-based approaches have been proposed by prior works to assist ransomware detection, existing methods suffer from three major limitations: ad-hoc feature dependencies, delayed response, and limited adaptability to unseen variants. In this paper, we propose a framework that integrates self-supervised contrastive learning with neural architecture search (NAS) to address these challenges. Specifically, this paper offers three important contributions. (1) We design a contrastive learning framework that incorporates hardware performance counters (HPC) to analyze the runtime behavior of target ransomware. (2) We introduce a customized loss function that encourages early-stage detection of malicious activity and significantly reduces the detection latency. (3) We deploy a neural architecture search (NAS) framework to automatically construct adaptive model architectures, allowing the detector to flexibly align with unseen ransomware variants. Experimental results show that our proposed method achieves significant improvements in both detection accuracy (up to 16.1%) and response time (up to 6x) compared to existing approaches while maintaining robustness under evasive attacks.
Related papers
- Robustness in AI-Generated Detection: Enhancing Resistance to Adversarial Attacks [4.179092469766417]
This paper investigates the vulnerabilities of current AI-generated face detection systems. We propose an approach that integrates adversarial training to mitigate the impact of adversarial examples. We also provide an in-depth analysis of adversarial and benign examples, offering insights into the intrinsic characteristics of AI-generated content.
arXiv Detail & Related papers (2025-05-06T11:19:01Z)
- Unleashing the Power of Pre-trained Encoders for Universal Adversarial Attack Detection [21.03032944637112]
Adversarial attacks pose a critical security threat to real-world AI systems. This paper proposes a lightweight adversarial detection framework based on the large-scale pre-trained vision-language model CLIP.
arXiv Detail & Related papers (2025-04-01T05:21:45Z)
- Lie Detector: Unified Backdoor Detection via Cross-Examination Framework [68.45399098884364]
We propose a unified backdoor detection framework in the semi-honest setting. Our method achieves superior detection performance, improving accuracy by 5.4%, 1.6%, and 11.9% over SoTA baselines. Notably, it is the first to effectively detect backdoors in multimodal large language models.
arXiv Detail & Related papers (2025-03-21T06:12:06Z)
- Decentralized Entropy-Based Ransomware Detection Using Autonomous Feature Resonance [0.0]
A novel approach, termed Autonomous Feature Resonance, is introduced to address the limitations of traditional ransomware detection methods. The proposed method achieves an overall detection accuracy of 97.3%, with false positive and false negative rates of 1.8% and 2.1%, respectively.
arXiv Detail & Related papers (2025-02-14T00:26:10Z)
- Decentralized Entropy-Driven Ransomware Detection Using Autonomous Neural Graph Embeddings [0.0]
The framework operates on a distributed network of nodes, eliminating single points of failure and enhancing resilience against targeted attacks. The integration of graph-based modeling and machine learning techniques enables the framework to capture complex system interactions. Case studies validate its effectiveness in real-world scenarios, showcasing its ability to detect and mitigate ransomware attacks within minutes of their initiation.
arXiv Detail & Related papers (2025-02-11T11:59:10Z)
- A Sysmon Incremental Learning System for Ransomware Analysis and Detection [1.495391051525033]
In the face of increasing cyber threats, particularly ransomware attacks, there is a pressing need for advanced detection and analysis systems. Most of these proposals leverage non-incremental learning approaches that require the underlying models to be updated from scratch to detect new ransomware. This approach is problematic because it leaves sensitive data vulnerable to attack during retraining, as newly emerging ransomware strains may go undetected until the model is updated. We present the Sysmon Incremental Learning System for Analysis and Detection (SILRAD), which enables continuous updates to the underlying model and effectively closes the training gap.
arXiv Detail & Related papers (2025-01-02T06:22:58Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Unsupervised Domain Adaptive 3D Detection with Multi-Level Consistency [90.71745178767203]
Deep learning-based 3D object detection has achieved unprecedented success with the advent of large-scale autonomous driving datasets.
Existing 3D domain adaptive detection methods often assume prior access to the target domain annotations, which is rarely feasible in the real world.
We study a more realistic setting, unsupervised 3D domain adaptive detection, which only utilizes source domain annotations.
arXiv Detail & Related papers (2021-07-23T17:19:23Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
- Towards Understanding the Adversarial Vulnerability of Skeleton-based Action Recognition [133.35968094967626]
Skeleton-based action recognition has attracted increasing attention due to its strong adaptability to dynamic circumstances.
With the help of deep learning techniques, it has also witnessed substantial progress and currently achieves around 90% accuracy in benign environments.
Research on the vulnerability of skeleton-based action recognition under different adversarial settings remains scant.
arXiv Detail & Related papers (2020-05-14T17:12:52Z)
- Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security.
In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
arXiv Detail & Related papers (2020-01-13T13:54:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.