Article
Version 1
Preserved in Portico. This version is not peer-reviewed.
Enhanced Ransomware Identification via Feature Extraction with Class Feature Weighting
Received: 11 November 2023 / Approved: 16 November 2023 / Online: 20 November 2023 (11:06:27 CET)
How to cite: Wang, F. Enhanced Ransomware Identification via Feature Extraction with Class Feature Weighting. Preprints 2023, 2023111147. https://doi.org/10.20944/preprints202311.1147.v1
Abstract
Ransomware attacks have risen alarmingly, with encryption techniques becoming more complex. This paper introduces a novel detection model tailored for ransomware's distinctive characteristics. The Intel PIN tool extracts Windows API invocation sequences related to file operations. These sequences are used to construct n-grams, forming feature vectors enhanced by a new Class Feature Weighting (CFW) metric to improve malware detection. Preliminary results demonstrate elevated accuracy and precision versus existing methods. The major contributions are: (1) Introducing an innovative deep learning model for few-shot ransomware classification using entropy features and transfer learning. (2) Achieving a high weighted F1-score in classifying ransomware variants into families with limited training data. (3) Demonstrating the potential of entropy-based features to capture intricacies lost in image-based approaches, improving detection of new strains.
Keywords
ransomware detection; machine learning; dynamic analysis; n-grams; Class Feature Weighting (CFW)
Subject
Computer Science and Mathematics, Computer Science
Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.