loading page

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition
  • Wenbo Zhang ,
  • Xiang Li ,
  • Tingting Zhu
Wenbo Zhang
Changsha Institute of Technology

Corresponding Author:[email protected]

Author Profile
Tingting Zhu
Author Profile


This study investigated the utilization of memory forensics and the Large Language Model LLaMA-7B for the purpose of detecting and analyzing contemporary ransomware. It articulates a shift from traditional encryption-focused ransomware attacks to more sophisticated strategies, like data exfiltration, underscoring the evolving nature of these cyber threats. The methodology involves an integrated approach, combining memory forensic techniques with the advanced pattern recognition capabilities of LLaMA-7B, to identify and analyze ransomware signatures within system memory. The results demonstrate the efficacy of this combination in accurately distinguishing between ransomware and benign software, with a particular focus on identifying data exfiltration activities. Discussions revolve around the challenges of keeping pace with the evolving ransomware tactics and the ethical considerations in applying AI in cybersecurity. The study concludes by underscoring the importance of continuous innovation in cybersecurity strategies and the potential of AI integration in developing dynamic defense mechanisms against ransomware.