The paper presents Minerva, a novel ransomware detection approach that leverages file-based behavioral profiling to identify malicious activity. Minerva is designed to be robust against evasion attacks, with architectural and feature selection choices informed by their resilience to adversarial manipulation.
The key insights behind Minerva are:
Minerva employs a multi-tier architecture that monitors file activity across different time windows, using an ensemble of machine learning classifiers to detect malicious behavior. The paper conducts a comprehensive analysis of Minerva's performance against traditional, evasive multiprocess, and unseen ransomware, as well as adaptive ransomware specifically engineered to evade Minerva's detection. The results demonstrate Minerva's ability to accurately identify ransomware, generalize to unseen threats, and withstand evasion attacks, with remarkably low detection times.
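The sketch below is an added illustration, not code from the paper or from Minerva. It profiles each file by the operations it receives within windows of several lengths, regardless of which process issued them, and contrasts that with a per-process view of the same events. The event fields, window lengths and the threshold rule (a stand-in for trained classifiers) are assumptions.

```python
# Added illustration, not Minerva's code. Features, window lengths and the
# threshold rule are assumptions standing in for the paper's trained classifiers.

# Constructed events: (time_s, pid, path, op, entropy_of_written_data)
EVENTS = [
    (0.10, 101, "report.docx", "read", 0.0),    # fast attack split over 3 PIDs
    (0.20, 102, "report.docx", "write", 7.9),
    (0.30, 103, "report.docx", "rename", 0.0),
    (1.00, 301, "photo.jpg", "read", 0.0),      # slow attack split over 3 PIDs
    (2.20, 302, "photo.jpg", "write", 7.8),
    (4.00, 303, "photo.jpg", "rename", 0.0),
    (0.15, 200, "notes.txt", "write", 4.1),     # benign editor saves
    (2.50, 200, "notes.txt", "write", 4.3),
]
WINDOWS = (0.5, 2.0, 5.0)  # hypothetical tier lengths, seconds

def profile(events, path, start, length, pid=None):
    """Summarise operations on `path` in [start, start+length).
    pid=None is the file-based view: every process's operations count."""
    ops = [e for e in events if e[2] == path and start <= e[0] < start + length
           and (pid is None or e[1] == pid)]
    return {
        "reads": sum(e[3] == "read" for e in ops),
        "renames": sum(e[3] == "rename" for e in ops),
        "max_entropy": max((e[4] for e in ops if e[3] == "write"), default=0.0),
    }

def tier_vote(p):
    """Stand-in classifier: read, high-entropy write and rename in one window."""
    return p["reads"] >= 1 and p["renames"] >= 1 and p["max_entropy"] > 7.5

def detect_by_file(events, windows=WINDOWS):
    """Return {path: [window lengths whose tier flagged it]}; any hit is an alert."""
    flagged = {}
    for path in sorted({e[2] for e in events}):
        first = min(e[0] for e in events if e[2] == path)
        hits = [w for w in windows if tier_vote(profile(events, path, first, w))]
        if hits:
            flagged[path] = hits
    return flagged

def detect_by_process(events, window=max(WINDOWS)):
    """Same rule applied per (pid, path), as a process-based monitor would see it."""
    pairs = sorted({(e[1], e[2]) for e in events})
    return [(pid, path) for pid, path in pairs
            if tier_vote(profile(events, path, 0.0, window, pid=pid))]

if __name__ == "__main__":
    print(detect_by_file(EVENTS))     # per-file view
    print(detect_by_process(EVENTS))  # per-process view
```

In the constructed data the per-file view flags both attacked files, the slow one only in the longest window, while the per-process view flags nothing because no single PID performs the whole read, write and rename sequence.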
Key insights extracted from: by Dorjan Hitaj... at arxiv.org, 04-17-2024
https://arxiv.org/pdf/2301.11050.pdf