A Ransomware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework

To enhance the efficiency of incident response triage operations, it is not cost-effective to defend all systems equally in a complex cyber environment. Instead, prioritizing the defense of critical functionality and the most vulnerable systems is desirable. Threat intelligence is crucial for guiding SOC analysts' focus toward specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including ransomware attacks and zero-day malware. This solution for rapid prioritization of different ransomware has been raised to formulate fast response plans to minimize socioeconomic damage from the massive growth of ransomware attacks in recent years; it can also be extended to other incident responses. To address this concern, we propose a ransomware triage approach that can rapidly classify and prioritize different ransomware classes. We utilize a pre-trained ResNet18 network based on Siamese Neural Network (SNN) to reduce the biases in weight and parameters. In addition, our approach uses the entropy features directly obtained from the binary ransomware files to improve feature representation, resilient to obfuscation noise, and computationally less expensive, which evaluation also shows that this classification part of our proposed approach achieves the accuracy exceeding ....and outperforms other similar classification performance. This new triage strategy based on Task memory with meta-learning evaluates the level of similarity matching across ransomware classes to identify any risky and unknown ransomware (e.g., zero-day attacks) so that a defense of those that support critical functionality can be conducted.