In a complex cyber environment, it is not cost-effective to defend all systems
equally. To make incident response triage more efficient, it is preferable to
prioritize the defense of critical functionality and the most vulnerable
systems. Threat intelligence is crucial for guiding SOC
analysts’ focus toward specific system activity and provides the primary
contextual foundation for interpreting security alerts. This paper explores
novel approaches for improving incident response triage operations, including
those for ransomware attacks and zero-day malware. Rapid prioritization of
different ransomware has been proposed as a way to formulate fast response
plans that minimize the socioeconomic damage from the massive growth of
ransomware attacks in recent years; it can also be extended to other incident
responses. To address
this concern, we propose a ransomware triage approach that can rapidly classify
and prioritize different ransomware classes. We use a pre-trained ResNet18
network based on a Siamese Neural Network (SNN) to reduce the biases in weights
and parameters. In addition, our approach uses entropy features obtained
directly from the binary ransomware files to improve feature representation;
these features are resilient to obfuscation noise and computationally less
expensive. Our evaluation also shows that the classification part of our
proposed approach achieves accuracy exceeding … and outperforms the
classification performance of other similar approaches. This new triage
strategy, based on Task memory with meta-learning, evaluates the level of
similarity matching across ransomware classes to identify any risky and unknown
ransomware (e.g., zero-day attacks) so that a defense of those that support
critical functionality can be

Authors of this post: Jinting Zhu, Julian Jang-Jaccard, Ian Welch, Harith Al-Sahaf, Seyit Camtepe

