FeSA: Feature Selection Architecture for Ransomware Detection Under Concept Drift
Fernando, D. W. & Komninos, N. ORCID: 0000-0003-2776-1283 (2022). FeSA: Feature Selection Architecture for Ransomware Detection Under Concept Drift. Computers & Security, 116, article number 102659. doi: 10.1016/j.cose.2022.102659
Abstract
This paper investigates how different genetic and nature-inspired feature selection algorithms operate in systems where the prediction model changes over time in unforeseen ways. As a result, this study proposes a feature selection architecture, namely FeSA, which is independent of the underlying classification algorithm and aims to find a set of features that will improve the longevity of the machine learning classifier. The feature set produced by FeSA is evaluated by creating scenarios in which concept drift is presented to our trained model. Based on our results, the generated feature set remains robust and maintains high detection rates of ransomware malware. Throughout this paper, we will refer to the true-positive rate of ransomware as detection; this is to clearly define what we focus on, as the high true-positive rate for ransomware is the main priority. Our architecture is compared to other nature-inspired feature selection algorithms such as evolutionary search, genetic search, harmony search, best-first search and the greedy stepwise feature selection algorithm. Our results show that FeSA displays the least degradation on average when exposed to concept drift. FeSA is evaluated based on ransomware detection rate, recall, false positives and precision. The FeSA architecture provides a feature set that shows competitive recall, false positives and precision under concept drift while maintaining the highest detection rate among the algorithms it has been compared to.
Publication Type: | Article |
---|---|
Additional Information: | © 2022. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0. This article has been published in Computers & Security by Elsevier. |
Publisher Keywords: | Ransomware, Concept-drift, Detection, Learning-algorithms, Features |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Departments: | School of Science & Technology > Computer Science |
Available under License Creative Commons Attribution Non-commercial No Derivatives.