Learning the Language of NVMe Streams for Ransomware Detection

Bringoltz, Barak, Halperin, Elisha, Feraru, Ran, Blaichman, Evgeny, Berman, Amit

Feb-7-2025–arXiv.org Artificial Intelligence

We apply language modeling techniques to detect ransomware activity in NVMe command sequences. We design and train two types of transformer-based models: the Command-Level Transformer (CLT) performs in-context token classification to determine whether individual commands are initiated by ransomware, and the Patch-Level Transformer (PLT) predicts the volume of data accessed by ransomware within a patch of commands. We present both model designs and the corresponding tokenization and embedding schemes and show that they improve over state-of-the-art tabular methods by up to 24% in missed-detection rate, 66% in data loss prevention, and 84% in identifying data accessed by ransomware.

large language model, machine learning, natural language, (21 more...)

arXiv.org Artificial Intelligence

Feb-7-2025

arXiv.org PDF

Add feedback

Country:
- Asia > Middle East
  - Israel > Tel Aviv District > Tel Aviv (0.04)
- North America
  - Cuba (0.04)
  - United States
    - California > Santa Clara County
      - Santa Clara (0.04)
    - Minnesota > Hennepin County
      - Minneapolis (0.14)
    - New York > New York County
      - New York City (0.04)

Genre:
- Research Report > New Finding (0.46)

Industry:
- Information Technology > Security & Privacy (1.00)
- Law Enforcement & Public Safety > Crime Prevention & Enforcement (1.00)

Technology:
- Information Technology
  - Artificial Intelligence
    - Machine Learning
      - Neural Networks > Deep Learning (0.66)
      - Statistical Learning (0.68)
    - Natural Language > Large Language Model (0.87)
  - Security & Privacy (1.00)

Duplicate Docs Excel Report

Title
None found

Similar Docs Excel Report more

Title	Similarity	Source
None found