Atapour Abarghouei, Amir Bonner, Stephen McGough, Andrew Stephen ransomware_classification.zip While various recent security-based approaches have focused on detecting and classifying ransomware at the network or system level, easy-to-use post-infection ransomware classification for the lay user has not been attempted before. In this vein, we investigate the possibility of classifying the ransomware a system is infected with simply based on a screenshot of the splash screen or the ransom note captured using a consumer camera commonly found in any modern mobile device. To train and evaluate our system, we have created a sample dataset of the splash screens of 50 well-known ransomware variants. In this dataset, only a single training image is available per ransomware. Instead of creating a large training dataset of ransomware screenshots, we simulate screenshot capture conditions via carefully designed data augmentation techniques, enabling simple and efficient one-shot learning. Moreover, using model uncertainty obtained via Bayesian approximation, we ensure special input cases such as unrelated non-ransomware images and previously-unseen ransomware variants are correctly identified for special handling and not misclassified.<br><br>A publication outlining the findings of our research is available here: <br>https://arxiv.org/abs/1908.06750<br><br>Instructions on how this data set can be used is found here: <br>https://github.com/atapour/ransomware-classification Ransomware Classification;Machine Learning;Bayesian Approximation;One-Shot Learning;Model Uncertainty;Artificial Intelligence and Image Processing;Computer Vision 2019-08-30
    https://data.ncl.ac.uk/articles/dataset/ransomware_classification_zip/9735080
10.25405/data.ncl.9735080.v1