Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach

Format | Journal Article |
---|---|
Language | English |
Published | 01.09.2023 |


Summary: We present a novel approach to identify ransomware campaigns derived from attack timeline representations within victim networks. Malicious activity profiles developed from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of the attack timelines where individual nodes represent malicious activity detections with connections describing the potential attack paths. This work demonstrates adaptability to different attack patterns through implementing a novel method for parsing and classifying alert graphs while maintaining efficacy despite potentially low-dimension node features.

DOI: 10.48550/arxiv.2309.00700