Ransomware is a form of malware that uses encryption methods to prevent legitimate users from accessing their data files. To date, many ransomware families have been released, causing immense damage and financial losses for private users, corporations, and governments. As a result, researchers have proposed a range of ransomware detection schemes using various machine learning (ML) methods to analyze binary files and action sequences. However as this threat continues to proliferate, it is becoming increasingly difficult to collect and analyze massive amounts of ransomware executables and trace data at a common site (due to data privacy and scalability concerns). Hence this paper presents a novel distributed ransomware analysis (DRA) solution for detection and attribution using the decentralized federated learning (FL) framework. Detailed performance evaluation is then conducted for the case of static analysis with rapid/lightweight feature extraction using an up-to-date ransomware repository. Overall results confirm the effectiveness the FL-based solution.
CITATION STYLE
Vehabovic, A., Zanddizari, H., Shaikh, F., Ghani, N., Pour, M. S., Bou-Harb, E., & Crichigno, J. (2023). Federated Learning Approach for Distributed Ransomware Analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13907 LNCS, pp. 621–641). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-41181-6_33
Mendeley helps you to discover research relevant for your work.