Ransomware Detection Using Federated Learning with Imbalanced Datasets.
CoRR(2023)
摘要
Ransomware is a type of malware which encrypts user data and extorts payments
in return for the decryption keys. This cyberthreat is one of the most serious
challenges facing organizations today and has already caused immense financial
damage. As a result, many researchers have been developing techniques to
counter ransomware. Recently, the federated learning (FL) approach has also
been applied for ransomware analysis, allowing corporations to achieve
scalable, effective detection and attribution without having to share their
private data. However, in reality there is much variation in the quantity and
composition of ransomware data collected across multiple FL client
sites/regions. This imbalance will inevitably degrade the effectiveness of any
defense mechanisms. To address this concern, a modified FL scheme is proposed
using a weighted cross-entropy loss function approach to mitigate dataset
imbalance. A detailed performance evaluation study is then presented for the
case of static analysis using the latest Windows-based ransomware families. The
findings confirm improved ML classifier performance for a highly imbalanced
dataset.
更多查看译文
关键词
Cybersecurity,malware,ransomware analysis,federated learning,data imbalance
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要