Professional Documents
Culture Documents
v1 Covered
v1 Covered
v1 Covered
Research Article
Keywords: Ransomware Detection, Large Language Models, Image Analysis, Portable Executable Files,
Cybersecurity, LLaMA-7b Model
DOI: https://doi.org/10.21203/rs.3.rs-3679775/v1
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Read Full License
Efficient Ransomware Detection via Portable Executable File Image Analysis By
LLaMA-7b
Abstract
This research focuses on developing a novel ransomware detection methodology leveraging the capabilities of the open source large
language model LLaMA-7b and image analysis of Portable Executable (PE) files. By transforming PE files into grayscale bitmap
images and analyzing these using the LLaMA-7b model, the study introduces an innovative approach in cybersecurity. The model
demonstrates high accuracy in distinguishing ransomware from benignware, with a significant true positive rate and minimal false
positives and negatives. This method overcomes the limitations of traditional static and dynamic analysis, proving effective against
modern ransomware variants. The findings suggest that integrating advanced technologies like LLMs in cybersecurity offers a
promising direction for enhancing ransomware detection and prevention.
Keywords: Ransomware Detection, Large Language Models, Image Analysis, Portable Executable Files, Cybersecurity,
LLaMA-7b Model
encoded images were first decoded back into binary format, en-
suring that the model could process the image data effectively.
This conversion was critical as it allowed the model to inter- yes
pret and analyze the images in a format akin to its pre-training
data. The fine-tuning process was iterative and methodically End
structured. It involved several rounds of training, where the
model was exposed to our curated dataset of decoded images. Figure 2: Flowchart of the Fine-Tuning Process for the LLaMA-7b Model
This exposure was followed by a phase of validation, where the
model’s performance in classifying the images was rigorously
assessed. The parameters of the LLaMA-7b model were con- to 3d) exhibit notably darker regions compared to those of be-
tinuously adjusted and optimized during these rounds to im- nignware (subfigures 3e to 3h). This darkness potentially signi-
prove its accuracy in distinguishing between ransomware and fies a higher degree of encryption and code obfuscation in ran-
benignware images. The exit criteria for the fine-tuning pro- somware, which is a common tactic to evade detection. In con-
cess were stringently defined. Success was determined not only trast, the lighter appearance of benignware images may reflect
by high accuracy in classification but also by the model’s abil- a more straightforward and less obfuscated binary structure.
ity to generalize from the training data and maintain consistent
4.2. Detection Accuracy
performance on unseen test data. This criterion ensured that the
fine-tuned model was robust and reliable. The LLaMA-7b model’s efficacy in identifying ransomware
As depicted in Figure 2, the fine-tuning of LLaMA-7b is a and benignware was thoroughly evaluated using established per-
cyclical process, ensuring continual improvement and adjust- formance metrics. The primary metrics for this evaluation were
ment until the desired level of performance is achieved. This true positives (TP) for ransomware detection, true negatives
approach justifies the robustness and adaptability of the model (TN) for benignware identification, false positives (FP), and
in handling the complexities associated with ransomware de- false negatives (FN). In this context, true positives refer to ran-
tection. somware files correctly identified as such, while true negatives
denote benign files accurately classified as non-malicious. False
positives represent benign files misclassified as ransomware,
4. Experiment and Results and false negatives are ransomware files that were mistakenly
overlooked. These metrics collectively offer an extensive view
This section presents the experimental setup and the out-
of the model’s accuracy and reliability.
comes derived from the application of the LLaMA-7b model
As demonstrated in Table 2, the LLaMA-7b model exhib-
on our dataset.
ited a commendable level of accuracy in detecting various types
of ransomware. The true positive rates for ransomware, ranging
4.1. Image Generation
from 90% to 96%, indicate a high success rate in correctly iden-
The visual analysis of Portable Executable (PE) files pro- tifying malicious files. This is particularly significant for newer
vides insightful contrasts between ransomware and benignware. ransomware types like BlackCat and Hive, where a true positive
Figures 3 illustrate the grayscale bitmap images generated from rate of 94% and 96% respectively suggests the model’s effec-
PE files of both ransomware and benignware. It can be ob- tiveness in adapting to and identifying the latest ransomware
served that the images representing ransomware (subfigures 3a threats. This robust detection capability is crucial in cybersecu-
rity, where the early and accurate identification of ransomware
can significantly mitigate potential damage.
4
Table 2: Detection Accuracy of LLaMA-7b Model
Category File Type True Positives/Negatives (%) False Positives (%) False Negatives (%)
BlackCat 94% 4% 2%
LockBit 92% 5% 3%
Ransomware
Hive 96% 3% 1%
BlackBasta 90% 6% 4%
Microsoft Office 98% 1% 1%
Adobe Reader 97% 2% 1%
Benignware
7-Zip 95% 4% 1%
VLC Player 93% 5% 2%
The false positive rates, being relatively low (ranging from niques employed by modern ransomware. Moreover, the attack
1% to 6%), indicate the model’s precision in distinguishing be- vectors and mechanisms employed by newer ransomware vari-
nign files from ransomware. This is critical to avoid unnec- ants differ markedly from those used by older variants. The
essary alarms and ensure that normal operations are not dis- evolution in ransomware tactics includes changes in encryption
rupted due to false detections. For instance, the low false pos- methods, payload delivery, and evasion techniques, making the
itive rate of 1% for widely used software like Microsoft Of- newer variants more complex and challenging to detect. Hence,
fice and Adobe Reader highlights the model’s ability to cor- models trained and tested on outdated samples may not perform
rectly identify legitimate software, thereby reducing the likeli- effectively against current ransomware threats, limiting the va-
hood of impeding user productivity with false alerts. Similarly, lidity of comparative analysis.
the false negative rates, which reflect the model’s efficiency In light of these observations, our study consciously chose
in not overlooking actual ransomware files, are maintained at to exclude older ransomware samples (e.g., WannaCry, Petya),
low levels (ranging from 1% to 4%). This is vital for ensuring focusing instead on recent variants (e.g. Lockbit, Blackcat)
that ransomware does not evade detection, as even a small per- to ensure relevance and accuracy in detection. This decision,
centage of missed detections could lead to significant security while enhancing the applicability of our model to contemporary
breaches. These results collectively underscore the LLaMA-7b threats, poses a limitation in conducting a comparative analysis
model’s capability in effectively balancing sensitivity (true pos- with other studies. Looking forward, a more meaningful com-
itives) and specificity (low false positives), making it a reliable parison could be considered as the field evolves. This would
tool in the fight against ransomware. The model’s proficiency require the development of standardized datasets that include
in distinguishing between benign and malicious software with recent ransomware variants and the emergence of more stud-
high accuracy minimizes the risk of both over-reacting to non- ies employing large language models (LLMs) in ransomware
threatening files and under-reacting to actual security threats. detection. A standardized dataset, encompassing a wide range
Consequently, these metrics not only validate the efficacy of the of recent ransomware types, would provide a common ground
fine-tuning process undertaken but also highlight the practical for evaluating different models and methodologies, paving the
applicability of the LLaMA-7b model in real-world cybersecu- way for a comprehensive comparative analysis. Until such ad-
rity scenarios. vancements materialize, our study stands as a pioneering effort
in applying LLMs, specifically the LLaMA-7b model, to the
4.3. Comparative Analysis detection of modern ransomware threats.
In the realm of cybersecurity research, particularly in the
context of ransomware detection, comparative analyses between 5. Discussion
different models and methodologies play a crucial role in under-
standing the effectiveness and advancements in the field. How- This section critically examines the findings of the study,
ever, our study encountered a notable challenge in drawing di- discussing their implications in the cybersecurity domain, and
rect comparisons with other machine learning-based ransomware acknowledging the limitations and potential biases inherent in
studies. A key reason for this challenge lies in the nature of the research methodology.
the ransomware samples used in contemporary research. We
observed that even recent studies in ransomware detection of- 5.1. In-depth Analysis of Results
ten rely on outdated samples, such as WannaCry and Petya. The outcomes derived from employing the LLaMA-7b model,
These samples, while historically significant, do not accurately particularly in the detection of ransomware through the analyt-
represent the current landscape of ransomware threats. Ran- ical process of Base64-encoded images of Portable Executable
somware has evolved rapidly, with newer variants like Black- files, have revealed considerable effectiveness. The model ex-
Cat and LockBit exhibiting significantly different code struc- hibited high accuracy rates in identifying ransomware, with true
tures and attack vectors. The use of older samples like Wan- positive rates consistently surpassing 90%. Such figures are in-
naCry and Petya in comparative studies could lead to skewed dicative of the model’s robust capability to accurately detect
results, as these variants no longer reflect the sophisticated tech-
5
security domain, specifically for ransomware detection, repre-
sents a viable and highly effective strategy [22, 4].
Moreover, the model’s effectiveness in discerning between
benign and malicious software, while minimizing erroneous clas-
sifications, underscores the importance of precision in such se-
curity applications [20, 1]. The ability to maintain a false nega-
tive rate under 4% is crucial in ensuring that potentially harmful
ransomware does not go undetected, thus safeguarding digital
assets and infrastructures from compromise [13]. The study’s
findings, therefore, not only emphasize the model’s adeptness
(a) BlackCat ransomware (b) LockBit ransomware
in recognizing and responding to the characteristics of ransomware
but also highlight the model’s potential as a groundbreaking
tool in the ongoing battle against these sophisticated cyber threats
[44, 14].
6
encapsulate the diverse behaviors and characteristics present in generalizability of the findings and provide a more compre-
the broader spectrum of ransomware. Moreover, the reliance on hensive understanding of ransomware behaviors. There is also
the LLaMA-7b model as the primary analytical tool introduces a need for continuous refinement of the models and method-
a potential bias toward the strengths and limitations inherent to ologies to keep pace with the rapidly evolving tactics of ran-
this model [46, 47, 48]. This aspect might skew the results in somware developers. Future research should focus on develop-
favor of the model’s specific analytical capabilities, potentially ing adaptive models that can predict and counteract new ran-
overlooking nuances that other models might capture [49, 50]. somware strategies as they emerge. Furthermore, investigating
Future research endeavors could benefit from incorporating a the potential biases and limitations of current models, includ-
variety of models or extending the dataset to include a wider ing addressing issues like LLM hallucinations, will be crucial
range of ransomware types. This expansion would not only in developing more accurate and reliable ransomware detection
validate the current findings but also broaden the understanding systems. Finally, integrating the findings from this research
of ransomware detection methodologies. with traditional cybersecurity approaches could lead to the de-
In addition, the ever-evolving landscape of ransomware threats velopment of a more holistic and multi-faceted defense strategy
necessitates continuous refinement and adaptation of both the against ransomware attacks.
model and the analytical methods. As ransomware developers
innovate and adapt, the models used for detection must also
Declaration
evolve to maintain their effectiveness [29, 16, 42, 37]. The
study’s methodology, while effective under current conditions, There is no conflict of interest to be declared by the authors.
might require modifications to address future ransomware evo-
lutions, not to mention that we have not considered LLM hal-
lucinations, which may have contributed to the false positives References
or false negatives [50, 51, 52, 53]. Regular updates and en- [1] A. AlSabeh, H. Safa, E. Bou-Harb, J. Crichigno, Exploiting ransomware
hancements to the model, along with an adaptable approach to paranoia for execution prevention, in: ICC 2020-2020 IEEE International
methodological frameworks, will be crucial in sustaining the Conference on Communications (ICC), IEEE, 2020, pp. 1–6.
[2] S. Johnson, R. Gowtham, A. R. Nair, Ensemble model ransomware classi-
relevance and efficacy of ransomware detection tools [16, 17,
fication: A static analysis-based approach, in: Inventive Computation and
54]. Thus, while the study presents a significant step forward in Information Technologies: Proceedings of ICICIT 2021, Springer, 2022,
the use of large language models for ransomware detection, it pp. 153–167.
also highlights the dynamic nature of cybersecurity challenges [3] T. McIntosh, A. Kayes, Y.-P. P. Chen, A. Ng, P. Watters, Ransomware
mitigation in the modern era: A comprehensive review, research chal-
and the need for ongoing research and development in this field. lenges, and future directions, ACM Computing Surveys (CSUR) 54 (9)
(2021) 1–36, survey.
[4] J. Jones, Ransomware analysis and defense-wannacry and the win32 en-
6. Conclusion
vironment, International Journal of Information Security Science 6 (4)
(2017) 57–69.
This research has made substantial contributions to the field [5] M. A. Ayub, A. Sirai, Similarity analysis of ransomware based on portable
of cybersecurity, specifically in the domain of ransomware de- executable (pe) file metadata, in: 2021 IEEE Symposium Series on Com-
tection. The innovative approach of employing the LLaMA- putational Intelligence (SSCI), IEEE, 2021, pp. 1–6.
7b model, in conjunction with image analysis of Portable Ex- [6] F. Manavi, A. Hamzeh, A new method for ransomware detection based
on pe header using convolutional neural networks, in: 2020 17th Interna-
ecutable files, has proven to be highly effective. The study tional ISC Conference on Information Security and Cryptology (ISCISC),
demonstrated that the model could accurately identify ransomware IEEE, 2020, pp. 82–87.
with high true positive rates, while maintaining low false posi- [7] M. Xiao, C. Guo, G. Shen, Y. Cui, C. Jiang, Image-based malware clas-
tives and negatives. This indicates the model’s robust capability sification using section distribution information, Computers & Security
110 (2021) 102420.
in detecting various ransomware types, particularly newer vari- [8] X. Ling, L. Wu, J. Zhang, Z. Qu, W. Deng, X. Chen, Y. Qian, C. Wu, S. Ji,
ants, and its effectiveness in distinguishing them from benign T. Luo, et al., Adversarial attacks against windows pe malware detection:
software. The findings reinforce the potential of integrating ad- A survey of the state-of-the-art, Computers & Security (2023) 103134.
[9] W. Liu, Modeling ransomware spreading by a dynamic node-level
vanced technologies, like large language models, in enhancing
method, IEEE Access 7 (2019) 142224–142232.
cybersecurity measures. The study successfully addressed the [10] T. Rezaei, F. Manavi, A. Hamzeh, A pe header-based method for mal-
limitations of traditional ransomware detection methods, offer- ware detection using clustering and deep embedding techniques, Journal
ing a novel approach that is both adaptable and efficient in the of Information Security and Applications 60 (2021) 102876.
[11] S. Poudyal, K. D. Gupta, S. Sen, Pefile analysis: a static approach to
face of the evolving nature of cyber threats. ransomware analysis, Int J Forens Comput Sci 1 (34-39) (2019) 88.
Looking ahead, there are several avenues for future research [12] M. Medhat, S. Gaber, N. Abdelbaki, A new static-based framework
that emerge from this study. One key direction is the explo- for ransomware detection, in: 2018 IEEE 16th Intl Conf on Depend-
ration of different large language models and their application able, Autonomic and Secure Computing, 16th Intl Conf on Perva-
sive Intelligence and Computing, 4th Intl Conf on Big Data Intelli-
in ransomware detection. Comparative studies involving vari- gence and Computing and Cyber Science and Technology Congress
ous models could provide deeper insights into the strengths and (DASC/PiCom/DataCom/CyberSciTech), IEEE, 2018, pp. 710–715.
weaknesses of each approach, potentially leading to more so- [13] M. A. Ayub, A. Siraj, B. Filar, M. Gupta, Rwarmor: a static-informed
phisticated and robust detection tools. Additionally, expanding dynamic analysis approach for early detection of cryptographic windows
ransomware, International Journal of Information Security (2023) 1–24.
the dataset to include a broader range of ransomware types, in-
cluding both older and emerging variants, would enhance the
7
[14] D. Carlin, P. O’Kane, S. Sezer, Dynamic opcode analysis of ransomware, ternational Conference on Privacy, Security and Trust (PST), IEEE, 2021,
in: 2018 International Conference on Cyber Security and Protection of pp. 1–7.
Digital Services (Cyber Security), IEEE, 2018, pp. 1–4. [35] L. Iffländer, A. Dmitrienko, C. Hagen, M. Jobst, S. Kounev, Hands off my
[15] S. Usharani, P. M. Bala, M. M. J. Mary, Dynamic analysis on crypto- database: Ransomware detection in databases through dynamic analysis
ransomware by using machine learning: Gandcrab ransomware, in: Jour- of query sequences, arXiv preprint arXiv:1907.06775 (2019).
nal of Physics: Conference Series, Vol. 1717, IOP Publishing, 2021, p. [36] R. Umar, I. Riadi, R. S. Kusuma, Analysis of conti ransomware attack on
012024. computer network with live forensic method, IJID (International Journal
[16] P. S. Goyal, A. Kakkar, G. Vinod, G. Joseph, Crypto-ransomware detec- on Informatics for Development) 10 (1) (2021) 53–61.
tion using behavioural analysis, in: Reliability, Safety and Hazard As- [37] G. McDonald, P. Papadopoulos, N. Pitropakis, J. Ahmad, W. J. Buchanan,
sessment for Risk-Based Technologies: Proceedings of ICRESH 2019, Ransomware: Analysing the impact on windows active directory domain
Springer, 2020, pp. 239–251. services, Sensors 22 (3) (2022) 953.
[17] Q. Kang, Y. Gu, A survey on ransomware threats: Contrasting static and [38] S. Sheen, A. Yadav, Ransomware detection by mining api call usage, in:
dynamic analysis methodsSurvey (2023). 2018 International Conference on Advances in Computing, Communica-
[18] H. Zhang, X. Xiao, F. Mercaldo, S. Ni, F. Martinelli, A. K. Sangaiah, tions and Informatics (ICACCI), IEEE, 2018, pp. 983–987.
Classification of ransomware families with machine learning based onn- [39] F. Cicala, E. Bertino, Analysis of encryption key generation in modern
gram of opcodes, Future Generation Computer Systems 90 (2019) 211– crypto ransomware, IEEE Transactions on Dependable and Secure Com-
221. puting 19 (2) (2020) 1239–1253.
[19] M. Alam, S. Bhattacharya, S. Dutta, S. Sinha, D. Mukhopadhyay, [40] C. Sendner, L. Iffländer, S. Schindler, M. Jobst, A. Dmitrienko,
A. Chattopadhyay, Ratafia: Ransomware analysis using time and fre- S. Kounev, Ransomware detection in databases through dynamic anal-
quency informed autoencoders, in: 2019 IEEE International Symposium ysis of query sequences, in: 2022 IEEE Conference on Communications
on Hardware Oriented Security and Trust (HOST), IEEE, 2019, pp. 218– and Network Security (CNS), IEEE, 2022, pp. 326–334.
227. [41] S. Aurangzeb, R. N. B. Rais, M. Aleem, M. A. Islam, M. A. Iqbal, On the
[20] P. Sharma, S. Kapoor, R. Sharma, Ransomware detection, prevention and classification of microsoft-windows ransomware using hardware profile,
protection in iot devices using ml techniques based on dynamic analy- PeerJ Computer Science 7 (2021) e361.
sis approach, International Journal of System Assurance Engineering and [42] P. M. Anand, P. S. Charan, S. K. Shukla, A comprehensive api call anal-
Management 14 (1) (2023) 287–296. ysis for detecting windows-based ransomware, in: 2022 IEEE Interna-
[21] J. K. Lee, S. Y. Moon, J. H. Park, Cloudrps: a cloud analysis based en- tional Conference on Cyber Security and Resilience (CSR), IEEE, 2022,
hanced ransomware prevention system, The Journal of Supercomputing pp. 337–344.
73 (2017) 3065–3084. [43] F. Mercaldo, A framework for supporting ransomware detection and pre-
[22] R. Almohaini, I. Almomani, A. AlKhayer, Hybrid-based analysis impact vention based on hybrid analysis, Journal of Computer Virology and
on ransomware detection for android systems, Applied Sciences 11 (22) Hacking Techniques 17 (3) (2021) 221–227.
(2021) 10976. [44] J. A. Herrera-Silva, M. Hernández-Álvarez, Dynamic feature dataset for
[23] S. G. Prasad, V. C. Sharmila, M. Badrinarayanan, Role of artificial intel- ransomware detection using machine learning algorithms, Sensors 23 (3)
ligence based chat generative pre-trained transformer (chatgpt) in cyber (2023) 1053.
security, in: 2023 2nd International Conference on Applied Artificial In- [45] T. McIntosh, T. Liu, T. Susnjak, H. Alavizadeh, A. Ng, R. Nowrozy,
telligence and Computing (ICAAIC), IEEE, 2023, pp. 107–114. P. Watters, Harnessing gpt-4 for generation of cybersecurity grc poli-
[24] F. Manavi, A. Hamzeh, Ransomware detection based on pe header using cies: A focus on ransomware attack mitigation, Computers & Security
convolutional neural networks., ISeCure 14 (2) (2022). 134 (2023) 103424.
[25] Y. Lemmou, J.-L. Lanet, E. M. Souidi, A behavioural in-depth analysis of [46] D. Zhou, K. Wang, J. Gu, X. Peng, D. Lian, Y. Zhang, Y. You, J. Feng,
ransomware infection, IET Information Security 15 (1) (2021) 38–58. Dataset quantization, in: Proceedings of the IEEE/CVF International
[26] M. Kanwal, S. Thakur, An app based on static analysis for android ran- Conference on Computer Vision, 2023, pp. 17205–17216.
somware, in: 2017 International Conference on Computing, Communica- [47] A. Rakshit, S. Mehta, A. Dasgupta, A novel pipeline for improving opti-
tion and Automation (ICCCA), IEEE, 2017, pp. 813–818. cal character recognition through post-processing using natural language
[27] H. Pearce, B. Tan, P. Krishnamurthy, F. Khorrami, R. Karri, B. Dolan- processing, in: 2023 IEEE Guwahati Subsection Conference (GCON),
Gavitt, Pop quiz! can a large language model help with reverse engineer- IEEE, 2023, pp. 01–06.
ing?, arXiv preprint arXiv:2202.01142 (2022). [48] G. Rejithkumar, P. R. Anish, S. Ghaisas, Automated identification of de-
[28] A. Zimba, Z. Wang, L. Simukonda, Towards data resilience: The ana- ontic modalities in software engineering contracts: A domain adaptation-
lytical case of crypto ransomware data recovery techniques, International based generative approach, in: 2023 IEEE 31st International Require-
Journal of Information Technology & Computer Science 10 (1) (2018) ments Engineering Conference Workshops (REW), IEEE, 2023, pp. 72–
40–51. 75.
[29] A. Cuzzocrea, F. Mercaldo, F. Martinelli, A framework for supporting [49] H. Fang, Z. Yang, Y. Wei, X. Zang, C. Ban, Z. Feng, Z. He, Y. Li, H. Sun,
ransomware detection and prevention based on hybrid analysis, in: Com- Alignment and generation adapter for efficient video-text understanding,
putational Science and Its Applications–ICCSA 2021: 21st International in: Proceedings of the IEEE/CVF International Conference on Computer
Conference, Cagliari, Italy, September 13–16, 2021, Proceedings, Part III Vision, 2023, pp. 2791–2797.
21, Springer, 2021, pp. 16–27. [50] S. Jha, S. K. Jha, P. Lincoln, N. D. Bastian, A. Velasquez, S. Neema,
[30] J. Schoenbachler, V. Krishnan, G. Agarwal, F. Li, Sorting ransomware Dehallucinating large language models using formal methods guided it-
from malware utilizing machine learning methods with dynamic analysis, erative prompting, in: 2023 IEEE International Conference on Assured
in: Proceedings of the Twenty-fourth International Symposium on The- Autonomy (ICAA), IEEE, 2023, pp. 149–152.
ory, Algorithmic Foundations, and Protocol Design for Mobile Networks [51] T. R. McIntosh, T. Liu, T. Susnjak, P. Watters, A. Ng, M. N. Halgamuge,
and Mobile Computing, 2023, pp. 516–521. A culturally sensitive test to evaluate nuanced gpt hallucination, IEEE
[31] M. Gupta, C. Akiri, K. Aryal, E. Parker, L. Praharaj, From chatgpt to Transactions on Artificial Intelligence 1 (01) (2023) 1–13.
threatgpt: Impact of generative ai in cybersecurity and privacy, IEEE Ac- [52] Z. Ziyu, C. Qiguang, M. Longxuan, L. Mingda, H. Yi, Q. Yushan,
cess (2023). B. Haopeng, Z. Weinan, T. Liu, Through the lens of core competency:
[32] N. Rani, S. V. Dhavale, Leveraging machine learning for ransomware de- Survey on evaluation of large language models, in: Proceedings of the
tection, arXiv preprint arXiv:2206.01919 (2022). 22nd Chinese National Conference on Computational Linguistics (Vol-
[33] D. F. Netto, K. Shony, E. R. Lalson, An integrated approach for de- ume 2: Frontier Forum), 2023, pp. 88–109.
tecting ransomware using static and dynamic analysis, in: 2018 Inter- [53] Y. Chen, Q. Fu, Y. Yuan, Z. Wen, G. Fan, D. Liu, D. Zhang, Z. Li,
national CET Conference on Control, Communication, and Computing Y. Xiao, Hallucination detection: Robustly discerning reliable answers
(IC4), IEEE, 2018, pp. 410–414. in large language models, in: Proceedings of the 32nd ACM International
[34] M. Almousa, S. Basavaraju, M. Anwar, Api-based ransomware detection Conference on Information and Knowledge Management, 2023, pp. 245–
using machine learning-based threat detection models, in: 2021 18th In- 255.
8
[54] A. Alqahtani, F. T. Sheldon, A survey of crypto ransomware attack detec-
tion methodologies: an evolving outlook, Sensors 22 (5) (2022) 1837.