City Research Online

FeSA: Feature Selection Architecture for Ransomware Detection Under Concept Drift

Fernando, D. W. & Komninos, N. ORCID: 0000-0003-2776-1283 (2022). FeSA: Feature Selection Architecture for Ransomware Detection Under Concept Drift. Computers & Security, 116, article number 102659. doi: 10.1016/j.cose.2022.102659

Abstract

This paper investigates how different genetic and nature-inspired feature selection algorithms operate in systems where the prediction model changes over time in unforeseen ways. As a result, this study proposes a feature section architecture, namely FeSA, independent of the underlying classification algorithm and aims to find a set of features that will improve the longevity of the machine learning classifier. The feature set produced by FeSA is evaluated by creating scenarios in which concept drift is presented to our trained model. Based on our results, the generated feature set remains robust and maintains high detection rates of ransomware malware. Throughout this paper, we will refer to the true-positive rate of ransomware as detection; this is to clearly define what we focus on, as the high true positive rate for ransomware is the main priority. Our architecture is compared to other nature-inspired feature selection algorithms such as evolutionary search, genetic search, harmony search, best-first search and the greedy stepwise feature selection algorithm. Our results show that FeSA displays the least degradation on average when exposed to concept drift. FeSA is evaluated based on ransomware detection rate, recall, false positives and precision. The FeSA architecture provides a feature set that shows competitive recall, false positives and precision under concept drift while maintaining the highest detection rate from the algorithms it has been compared to.

Publication Type: Article
Additional Information: © 2022. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0. This article has been published in Computers & Security by Elsevier.
Publisher Keywords: Ransomware, Concept-drift, Detection, Learning-algorithms, Features
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Science & Technology > Computer Science
SWORD Depositor:
[thumbnail of ecrc-template.pdf]
Preview
Text - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (628kB) | Preview

Export

Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Downloads

Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login