A Ransomware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework

Solutions for the rapid prioritization of different ransomware families have been proposed to formulate fast response plans that minimize the socioeconomic damage caused by the massive growth of ransomware attacks in recent years. To address this concern, we propose a ransomware triage approach that can rapidly classify and prioritize different ransomware classes. Our Siamese Neural Network (SNN) based approach utilizes a pre-trained ResNet18 network in a meta-learning fashion to reduce the bias in weight and parameter estimation typically associated with a machine learning model trained on a limited number of samples. Instead of the image features typically used as inputs to many existing machine learning-based triage applications, our approach uses entropy features obtained directly from the ransomware binary files, which improves feature representation, is more resilient to obfuscation noise, and is computationally less expensive. Our triage approach classifies ransomware samples into the correct classes when their features significantly match known ransomware profiles. Our evaluation shows that the classification part of our proposed approach achieves an accuracy exceeding 88% and outperforms other similar classification-only machine learning-based approaches. In addition, we offer a new triage strategy based on normalized and regularized weight ratios that evaluate the level of similarity matching across ransomware classes, so that risky and unknown ransomware (e.g., zero-day attacks) can be identified and routed for rapid further analysis.
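The two mechanisms the abstract relies on, an entropy feature vector read straight from the binary and a triage decision made on normalized similarity ratios across classes, as an added illustration that is not the paper's code. Everything below is an assumption made for the example: the windowed Shannon entropy vector as the feature, Euclidean distance to a per-class mean prototype as the similarity score (the paper learns similarity with a ResNet18-backed Siamese network, which is not reproduced here), the ratio threshold and margin used to decide between "confident match" and "unknown, escalate", and the "binaries", which are constructed byte strings rather than real samples.

```python
"""Entropy-feature triage sketch (added illustration, not the paper's code).

Assumptions, labelled as such: byte-level Shannon entropy over fixed windows
as the feature vector, Euclidean distance to a per-class prototype as the
similarity score, and a normalised-ratio test with a hypothetical threshold
and margin to decide whether a sample is confidently matched or escalated.
"""
import math
from collections import Counter

WINDOW = 1024   # bytes per entropy window (assumed)
N_BINS = 16     # fixed feature length regardless of file size (assumed)


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte chunk in bits per byte (0.0 .. 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def entropy_features(data: bytes, window: int = WINDOW, n_bins: int = N_BINS) -> list[float]:
    """Per-window entropies resampled to a fixed-length vector by averaging
    consecutive windows into n_bins positional bins (files differ in size)."""
    windows = [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]
    bins = [[] for _ in range(n_bins)]
    for idx, e in enumerate(windows):
        bins[idx * n_bins // len(windows)].append(e)
    return [sum(b) / len(b) if b else 0.0 for b in bins]


def prototype(samples: list[bytes]) -> list[float]:
    """Class prototype: element-wise mean of the members' feature vectors."""
    feats = [entropy_features(s) for s in samples]
    return [sum(col) / len(col) for col in zip(*feats)]


def similarity_ratios(feature: list[float], prototypes: dict) -> dict:
    """Inverse-distance similarity to every class, normalised to sum to 1."""
    sims = {name: 1.0 / (1.0 + math.dist(feature, proto)) for name, proto in prototypes.items()}
    total = sum(sims.values())
    return {name: s / total for name, s in sims.items()}


def triage(data: bytes, prototypes: dict, min_ratio: float = 0.5, min_margin: float = 0.15):
    """Return (label, ratios). The sample is assigned to its best-matching class
    only when that class holds at least min_ratio of the normalised similarity
    mass and leads the runner-up by min_margin; otherwise it is escalated as
    UNKNOWN so an analyst looks at it before any profile-based playbook runs."""
    ratios = similarity_ratios(entropy_features(data), prototypes)
    ranked = sorted(ratios.items(), key=lambda kv: kv[1], reverse=True)
    (top, top_r), (_, second_r) = ranked[0], ranked[1]
    if top_r >= min_ratio and top_r - second_r >= min_margin:
        return top, ratios
    return "UNKNOWN", ratios


# ---- constructed stand-ins for binaries (no real samples are embedded) ----
def lcg_bytes(n: int, seed: int) -> bytes:
    """Deterministic pseudo-random bytes: stands in for packed/encrypted sections."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 23) & 0xFF)   # top byte of the 31-bit state
    return bytes(out)


def text_bytes(n: int, sentence: bytes) -> bytes:
    """Low-entropy filler: stands in for string/resource sections."""
    return (sentence * (n // len(sentence) + 1))[:n]


SIZE = WINDOW * N_BINS  # 16 KiB per constructed sample
SENT_A = b"The quick brown fox jumps over the lazy dog. "
SENT_B = b"Pack my box with five dozen liquor jugs! "

# Constructed "known family" profiles: one per layout of entropy across the file.
PROTOTYPES = {
    "textlike": prototype([text_bytes(SIZE, SENT_A)]),
    "packed":   prototype([lcg_bytes(SIZE, 7), lcg_bytes(SIZE, 99)]),
    "mixed":    prototype([text_bytes(SIZE // 2, SENT_A) + lcg_bytes(SIZE // 2, 3)]),
}


def striped_sample() -> bytes:
    """Novel layout: alternating text/random windows, roughly equidistant from
    all three prototypes, so no class should win with confidence."""
    parts = [text_bytes(WINDOW, SENT_B) if i % 2 == 0 else lcg_bytes(WINDOW, 1000 + i)
             for i in range(N_BINS)]
    return b"".join(parts)


if __name__ == "__main__":
    for name, blob in [("text-like", text_bytes(SIZE, SENT_B)),
                       ("packed", lcg_bytes(SIZE, 2024)),
                       ("striped", striped_sample())]:
        label, ratios = triage(blob, PROTOTYPES)
        shown = ", ".join("%s=%.2f" % (k, v) for k, v in ratios.items())
        print("%-9s -> %-8s %s" % (name, label, shown))
```

The striped sample is the point of the exercise: it is not garbage, it simply resembles none of the known profiles more than the others, so its normalized ratios sit near 1/3 each and it is escalated rather than forced into the nearest class. In a real deployment the prototypes would come from labelled family samples and the similarity from the trained Siamese network, and the threshold and margin would be tuned on held-out data.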
