Researchers have proposed a wide range of ransomware detection and analysis schemes. However, most of these efforts have focused on older families targeting Windows 7/8 systems. Hence there is a critical need for efficient solutions that tackle the latest threats, many of which have relatively few samples available for analysis. This paper presents a machine learning (ML) framework for early ransomware detection and attribution. The solution pursues a data-centric approach that uses a minimalist ransomware dataset and performs static analysis of portable executable (PE) files. Results for several ML classifiers confirm strong performance in terms of accuracy and zero-day threat detection.
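The abstract names static analysis of PE files as the feature source but does not list the features or the parsing method. The following is an added illustration, not the paper's code or its feature set: a stdlib-only Python extractor that walks the DOS header, COFF header and section table of a PE image and derives header-level features (section count, per-section Shannon entropy, count of writable-and-executable sections) of the kind a static classifier would consume. The sample image is constructed inline by `build_sample_pe`, the 7.0 bits/byte entropy threshold is an assumption, and `looks_packed` is a hypothetical screening rule, not the paper's classifier.

```python
import hashlib
import math
import struct
from typing import Dict, List, Tuple

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

HIGH_ENTROPY = 7.0  # bits/byte; assumed threshold for "looks packed or encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_features(image: bytes) -> Dict[str, object]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return a flat feature dict suitable as classifier input."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections: List[Dict[str, object]] = []
    for i in range(nsect):
        (name, vsize, _vaddr, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, flags) = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "entropy": shannon_entropy(raw),
            "raw_size": raw_size,
            "virtual_size": vsize,
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    entropies = [s["entropy"] for s in sections]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "characteristics": chars,
        "num_sections": nsect,
        "max_section_entropy": max(entropies, default=0.0),
        "num_high_entropy_sections": sum(e > HIGH_ENTROPY for e in entropies),
        "num_wx_sections": sum(s["executable"] and s["writable"] for s in sections),
        "sections": sections,
    }


def looks_packed(features: Dict[str, object]) -> bool:
    """Hypothetical screening rule (not the paper's classifier): a section that is
    writable, executable and high-entropy is typical of packed or self-decrypting code."""
    return any(s["executable"] and s["writable"] and s["entropy"] > HIGH_ENTROPY
               for s in features["sections"])


def build_sample_pe(sections: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Assemble a minimal x64 PE image from (name, raw_data, flags) triples.
    Constructed test input: headers are only as complete as parse_pe_features needs."""
    OPT_SIZE = 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0x5F000000, 0, 0, OPT_SIZE, 0x0022)
    opt = struct.pack("<H", 0x20B) + bytes(OPT_SIZE - 2)  # PE32+ magic, rest unused here
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    raw_ptr = (len(image) + 40 * len(sections) + 0x1FF) & ~0x1FF  # file-align raw data
    body = bytearray()
    for i, (name, data, flags) in enumerate(sections):
        image += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data),
                             0x1000 * (i + 1), len(data), raw_ptr + len(body),
                             0, 0, 0, 0, flags)
        body += data
    image += bytes(raw_ptr - len(image))
    return bytes(image + body)


# Constructed sample: plain code, zeroed data and a packed-looking W+X section.
SAMPLE_PE = build_sample_pe([
    (b".text", bytes([0x55, 0x8B, 0xEC, 0x90]) * 64,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", bytes(256),
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b"UPX1", b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(32)),
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    feats = parse_pe_features(SAMPLE_PE)
    for s in feats["sections"]:
        print(f'{s["name"]:<8} entropy={s["entropy"]:.2f} X={s["executable"]} W={s["writable"]}')
    print("looks_packed:", looks_packed(feats))
```

The extractor deliberately touches only the headers and section table, so it runs on truncated or partially corrupted samples and never executes the file, which is the property that makes static features usable for early detection; the caveat is that a packer can rewrite every one of these fields, so header features should be combined with import and string features rather than relied on alone.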