Federated Learning Approach for Distributed Ransomware Analysis
Abstract
Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need to develop efficient solutions to tackle the latest threats, many of which may have relatively fewer samples to analyze. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach which uses a minimalist ransomware dataset and implements static analysis using portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
- Publication: arXiv e-prints
- Pub Date: June 2023
- DOI: 10.48550/arXiv.2306.14090
- arXiv: arXiv:2306.14090
- Bibcode: 2023arXiv230614090V
- Keywords: Computer Science - Cryptography and Security
- E-Print: 8 figures, 4 tables