Authors: A Vehabovic, H Zanddizari, F Shaikh, E Bou-Harb, J Crichigno
DOI:
Keywords:
Abstract: Researchers have proposed many different ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting earlier Windows 7/8 systems. Hence there is a critical need to tackle the latest threats, many of which have relatively few available samples. This paper presents a novel machine learning (ML) framework for early ransomware detection and classification. The solution pursues a data-centric approach to curate a minimalist ransomware dataset and performs static analysis of portable executable (PE) files for feature extraction. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.