In a complex cyber environment it is not cost-effective to defend all systems equally, so incident response triage is more efficient when it prioritizes the defense of critical functionality and the most vulnerable systems. Threat intelligence is crucial for directing SOC analysts' attention to specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including for ransomware attacks and zero-day malware. The proposed solution rapidly prioritizes different ransomware so that fast response plans can be formulated to minimize the socioeconomic damage caused by the massive growth of ransomware attacks in recent years; it can also be extended to other incident response tasks. To this end, we propose a ransomware triage approach that rapidly classifies and prioritizes different ransomware classes. We use a pre-trained ResNet18 network within a Siamese Neural Network (SNN) to reduce bias in the weights and parameters. In addition, our approach uses entropy features obtained directly from the ransomware binaries, which improves feature representation, is resilient to obfuscation noise, and is computationally less expensive; evaluation shows that the classification component of our approach achieves an accuracy exceeding .... and outperforms similar classifiers. The new triage strategy, based on task memory with meta-learning, evaluates the degree of similarity across ransomware classes to identify risky and unknown ransomware (e.g., zero-day attacks) so that the defense of systems supporting critical functionality can be conducted.
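The entropy features described above, as an added example that is not the paper's own code: a sliding-window Shannon entropy profile computed over a file's raw bytes and resampled to a fixed-length vector that a CNN such as ResNet18 can consume. The window size, step and vector length are assumed parameters, the sample bytes are constructed, and the Siamese/meta-learning stages are not reproduced.

```python
import math
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    counts = Counter(chunk)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in counts.values())


def entropy_profile(data: bytes, window: int = 256, step: int = 256) -> list:
    """Entropy of each window over the raw bytes (window/step are assumed choices).

    Packed or encrypted regions show as high-entropy runs, so the profile survives
    renaming or trivial byte-level obfuscation better than string or import features.
    """
    if len(data) < window:
        return [shannon_entropy(data)]
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, step)]


def resample(values: list, length: int) -> list:
    """Nearest-neighbour resampling so files of any size map to one input shape."""
    if not values:
        return [0.0] * length
    return [values[int(i * len(values) / length)] for i in range(length)]


def entropy_feature_vector(data: bytes, length: int = 64, window: int = 256) -> list:
    """Fixed-length entropy feature vector for one binary (assumed defaults)."""
    return resample(entropy_profile(data, window=window, step=window), length)


if __name__ == "__main__":
    # Constructed sample: a zero-filled region followed by a uniform (encrypted-looking) region.
    sample = b"\x00" * 1024 + bytes(range(256)) * 4
    print(entropy_feature_vector(sample, length=8))
```

Real inputs would be the bytes of a ransomware sample read from disk inside an isolated analysis environment; the resulting vectors are what the paper's SNN would compare for similarity.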