TechRxiv

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition

preprint
posted on 2023-12-07, 03:49 authored by Wenbo Zhang, Xiang Li, Tingting Zhu

This study investigates the combined use of memory forensics and the large language model LLaMA-7B to detect and analyze contemporary ransomware. It describes a shift from traditional encryption-focused ransomware attacks toward more sophisticated strategies such as data exfiltration, underscoring the evolving nature of these threats. The methodology combines memory forensic techniques with the pattern recognition capabilities of LLaMA-7B to identify and analyze ransomware signatures within system memory. The results demonstrate that this combination distinguishes ransomware from benign software accurately, with particular attention to identifying data exfiltration activity. The discussion covers the challenge of keeping pace with evolving ransomware tactics and the ethical considerations of applying AI in cybersecurity. The study concludes by underscoring the need for continuous innovation in cybersecurity strategies and the potential of AI integration in building dynamic defenses against ransomware.
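The page does not reproduce the authors' code or the memory features they feed to the model, so the following is an added example, not part of the preprint. It shows the entropy-based memory triage that the title refers to: slide a page-sized window over a memory image, compute Shannon entropy per window, and label windows as empty, text, or high-entropy (ciphertext or compressed data). The sample "dump", the window size, the 7.5 bits/byte threshold, and the SHA-256 counter-mode stand-in for ciphertext are all constructed for this illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096        # assumption: one 4 KiB page per window
HIGH_ENTROPY = 7.5   # assumption: bits/byte; random or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a byte string (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data)


def classify_window(data: bytes) -> str:
    """Coarse label for one window of memory based on entropy and printability."""
    ent = shannon_entropy(data)
    if ent == 0.0:
        return "empty"            # all bytes identical (typically zero-filled)
    if ent >= HIGH_ENTROPY:
        return "high-entropy"     # ciphertext, compressed or packed data
    if printable_ratio(data) > 0.9:
        return "text"
    return "mixed"


def scan_dump(dump: bytes, window: int = WINDOW):
    """Slide a fixed window over a memory image; return (offset, entropy, label) per window."""
    result = []
    for off in range(0, len(dump), window):
        chunk = dump[off:off + window]
        result.append((off, round(shannon_entropy(chunk), 2), classify_window(chunk)))
    return result


def high_entropy_regions(dump: bytes, window: int = WINDOW):
    """Offsets of windows that an analyst would pull for closer inspection."""
    return [off for off, _, label in scan_dump(dump, window) if label == "high-entropy"]


def pseudo_random(n: int, seed: bytes = b"seed") -> bytes:
    """Deterministic stand-in for encrypted data: SHA-256 in counter mode.
    Constructed for the example; it is not a cipher and must not be used as one."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def build_sample_dump() -> bytes:
    """Constructed memory image: zero page, text page, 'encrypted' page, zero page."""
    text = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 200)[:WINDOW]
    return b"\x00" * WINDOW + text + pseudo_random(WINDOW) + b"\x00" * WINDOW


if __name__ == "__main__":
    for off, ent, label in scan_dump(build_sample_dump()):
        print(f"0x{off:08x} entropy={ent:.2f} {label}")
```

Two caveats a practitioner should keep in mind when using this as a first-pass filter. Compressed archives, packed executables and legitimate TLS buffers all sit above the threshold, so a high-entropy window is evidence to inspect, not a ransomware verdict; the abstract's point is that such raw signals need a second stage (here, the model) to separate them. And a window that straddles two regions will show an intermediate value, so flag runs of adjacent high-entropy windows rather than single hits when sizing regions.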

History

Email Address of Submitting Author

MLwarriorZhang@outlook.com

ORCID of Submitting Author

0009-0009-6296-1628

Submitting Author's Institution

Changsha Institute of Technology

Submitting Author's Country

  • China
