A Kings Ransom for Encryption: Ransomware Classification using Augmented One-Shot Learning and Bayesian Approximation

by   Amir Atapour Abarghouei, et al.

Newly emerging variants of ransomware pose an ever-growing threat to computer systems governing every aspect of modern life through the handling and analysis of big data. While various recent security-based approaches have focused on detecting and classifying ransomware at the network or system level, easy-to-use post-infection ransomware classification for the lay user has not been attempted before. In this paper, we investigate the possibility of classifying the ransomware a system is infected with simply based on a screenshot of the splash screen or the ransom note captured using a consumer camera commonly found in any modern mobile device. To train and evaluate our system, we create a sample dataset of the splash screens of 50 well-known ransomware variants. In our dataset, only a single training image is available per ransomware. Instead of creating a large training dataset of ransomware screenshots, we simulate screenshot capture conditions via carefully designed data augmentation techniques, enabling simple and efficient one-shot learning. Moreover, using model uncertainty obtained via Bayesian approximation, we ensure special input cases such as unrelated non-ransomware images and previously-unseen ransomware variants are correctly identified for special handling and not mis-classified. Extensive experimental evaluation demonstrates the efficacy of our work, with accuracy levels of up to 93.6 classification.


page 1

page 2

page 8


Few-shot learning using pre-training and shots, enriched by pre-trained samples

We use the EMNIST dataset of handwritten digits to test a simple approac...

Deep Reinforcement One-Shot Learning for Artificially Intelligent Classification Systems

In recent years there has been a sharp rise in networking applications, ...

Automated Human Cell Classification in Sparse Datasets using Few-Shot Learning

Classifying and analyzing human cells is a lengthy procedure, often invo...

Tensor feature hallucination for few-shot learning

Few-shot classification addresses the challenge of classifying examples ...

One of these (Few) Things is Not Like the Others

To perform well, most deep learning based image classification systems r...

Multi-Level Fine-Tuning, Data Augmentation, and Few-Shot Learning for Specialized Cyber Threat Intelligence

Gathering cyber threat intelligence from open sources is becoming increa...

On Episodes, Prototypical Networks, and Few-shot Learning

Episodic learning is a popular practice among researchers and practition...