Toggle Main Menu Toggle Search

Open Access padlockePrints

A King’s Ransom for Encryption: Ransomware Classification using Augmented One-Shot Learning and Bayesian Approximation

Lookup NU author(s): Dr Amir Atapour AbarghoueiORCiD, Stephen BonnerORCiD, Dr Stephen McGough



This is the authors' accepted manuscript of a conference proceedings (inc. abstract) that has been published in its final definitive form by IEEE, 2019.

For re-use rights please refer to the publisher's terms and conditions.


Newly emerging variants of ransomware pose an ever-growing threat to computer systems governing every aspect of modern life through the handling and analysis of big data. While various recent security-based approaches have focused on ransomware detection at the network or system level, easy-to-use post-infection ransomware classification for the lay user has not been attempted before. In this paper, we investigate the possibility of classifying the ransomware a system is infected with simply based on a screenshot of the splash screen or the ransom note captured using a consumer camera commonly found in any modern mobile device. To train and evaluate our system, we create a sample dataset of the splash screens of 50 well-known ransomware variants. In our dataset, only a single training image is available per ransomware. Instead of creating a large training dataset of ransomware screenshots, we simulate screenshot capture conditions via carefully-designed data augmentation techniques, enabling simple and efficient one-shot learning. Moreover, using model uncertainty obtained via Bayesian approximation, we ensure special input cases such as unrelated non-ransomware images and previously-unseen ransomware variants are correctly identified for special handling and not mis-classified. Extensive experimental evaluation demonstrates the efficacy of our work, with accuracy levels of up to 93.6% for ransomware classification.

Publication metadata

Author(s): Atapour Abarghouei A, Bonner S, McGough AS

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 2019 IEEE International Conference on Big Data 2019

Year of Conference: 2019

Online publication date: 09/12/2019

Acceptance date: 17/10/2019

Date deposited: 19/11/2019

Publisher: IEEE


DOI: 10.1109/BigData47090.2019.9005540