Solutions for the rapid prioritization of different ransomware have been called for so that fast response plans can be formulated to minimize the socioeconomic damage caused by the massive growth of ransomware attacks in recent years. To address this concern, we propose a ransomware triage approach that can rapidly classify and prioritize different ransomware classes. Our Siamese Neural Network (SNN) based approach utilizes a pre-trained ResNet18 network in a meta-learning fashion to reduce the biases in weight and parameter calculations typically associated with a machine learning model trained on a limited number of training samples. Instead of the image features typically used as inputs to many existing machine learning-based triage applications, our approach uses entropy features obtained directly from the ransomware binary files, which improves feature representation while remaining resilient to obfuscation noise and computationally less expensive. Our triage approach classifies a ransomware sample into the correct class if its features significantly match a known ransomware profile. Our evaluation shows that the classification part of our proposed approach achieves an accuracy exceeding 88% and outperforms other similar classification-only machine learning-based approaches. In addition, we offer a new triage strategy based on normalized and regularized weight ratios that evaluate the level of similarity matching across ransomware classes, in order to identify any risky and unknown ransomware (e.g., zero-day attacks) so that rapid further analysis can be conducted.
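The two ideas the abstract relies on, entropy features taken straight from a binary and a ratio-based triage decision over the similarity scores to known classes, can be shown end to end in plain Python. The code below is an added illustration written for this page, not code from the paper or its authors: the 256-byte window, the fixed-length resampling, the inverse-distance similarity, the simple normalization of the scores to ratios summing to one, and the 0.7 "dominant class" threshold are all assumed choices standing in for the paper's SNN and its regularized weight ratios, and the byte sequences are constructed stand-ins rather than real ransomware samples.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Tuple


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte sequence, in bits per byte (0.0 .. 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data: bytes, window: int = 256, length: int = 64) -> List[float]:
    """Turn a binary into a fixed-length entropy feature vector.

    The file is cut into `window`-byte blocks, each block gets an entropy value,
    and the resulting sequence is resampled to `length` bins by averaging so
    that files of different sizes yield comparable vectors.  Window and length
    are assumed hyperparameters, not values taken from the paper.
    """
    blocks = [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]
    if not blocks:
        return [0.0] * length
    profile = []
    for j in range(length):
        lo = j * len(blocks) // length
        hi = max(lo + 1, (j + 1) * len(blocks) // length)
        seg = blocks[lo:hi]
        profile.append(sum(seg) / len(seg))
    return profile


def profile_distance(a: List[float], b: List[float]) -> float:
    """Mean absolute difference between two equal-length entropy profiles."""
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)


def triage(sample: List[float], known: Dict[str, List[float]],
           min_ratio: float = 0.7) -> Tuple[str, Dict[str, float], bool]:
    """Score a sample against every known class profile and decide whether the
    best match is trustworthy.

    Similarities (inverse distance) are normalized to ratios that sum to one.
    If the top class does not hold at least `min_ratio` of the mass, the sample
    is flagged as unknown and routed to further analysis.  This is a simplified
    stand-in for the paper's regularized weight ratios (assumption).
    """
    sims = {name: 1.0 / (1.0 + profile_distance(sample, prof)) for name, prof in known.items()}
    total = sum(sims.values())
    ratios = {name: s / total for name, s in sims.items()}
    best = max(ratios, key=ratios.get)
    return best, ratios, ratios[best] < min_ratio


# --- constructed sample data (not real malware) ---------------------------
def _pseudo_random_bytes(seed: int, n: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

HIGH_A = _pseudo_random_bytes(1234, 4096)   # looks packed/encrypted
HIGH_B = _pseudo_random_bytes(99, 4096)     # different stream, similar entropy
LOW = b"\x00" * 4096                        # zero-filled, zero entropy

# Two hypothetical class profiles a triage system might hold.
KNOWN_PROFILES = {
    "hypothetical_family_packed": entropy_profile(HIGH_A + HIGH_A),
    "hypothetical_family_plain_then_packed": entropy_profile(LOW + HIGH_A),
}


def classify_sample(data: bytes) -> Tuple[str, bool]:
    """Convenience wrapper: entropy features -> (best class, unknown flag)."""
    best, _ratios, unknown = triage(entropy_profile(data), KNOWN_PROFILES)
    return best, unknown


if __name__ == "__main__":
    for label, blob in (("similar to known class", LOW + HIGH_B),
                        ("nothing like the classes", LOW + LOW)):
        best, ratios, unknown = triage(entropy_profile(blob), KNOWN_PROFILES)
        print(f"{label}: best={best} unknown={unknown} "
              f"ratios={ {k: round(v, 2) for k, v in ratios.items()} }")
```

The second sample in the demo shows the point of the ratio test: a nearest-class label always exists, but when no class clearly dominates the normalized scores the label is not trusted and the sample is escalated instead of being silently filed under the closest known family.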