FeSAD ransomware detection framework with machine learning using adaption to concept drift
Fernando, D. W. & Komninos, N. ORCID: 0000-0003-2776-1283 (2024). FeSAD ransomware detection framework with machine learning using adaption to concept drift. Computers & Security, 137, article number 103629. doi: 10.1016/j.cose.2023.103629
Abstract
This paper proposes FeSAD, a framework that will allow a machine learning classifier to detect evolutionary ransomware. Ransomware is a critical player in the malware space that causes hundreds of millions of dollars of damage globally and evolves quickly. The evolution of ransomware in machine learning classifiers is often calculated as concept drift. Concept drift is dangerous as changes in the behavior of ransomware can easily lead to misclassifications, and misclassification can harm individuals and businesses. Our proposed framework consists of a feature selection layer, drift calibration layer and drift decision layer that allows a machine learning classifier to detect and classify concept drift samples reliably. We evaluate the FeSAD framework in various concept drift scenarios and observe its ability to detect drifting samples effectively. The FeSAD framework is also evaluated on its ability to extend the lifespan of a classifier. The results obtained by this research show that FeSAD can successfully and reliably classify ransomware and benign samples while under concept drift and can extend the time between retraining.
Publication Type: | Article |
---|---|
Additional Information: | © 2024. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/ |
Publisher Keywords: | Ransomware detection, Machine learning, Concept drift, Malware evolution, Genetic algorithm |
Subjects: | H Social Sciences > HV Social pathology. Social and public welfare Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Departments: | School of Science & Technology > Computer Science > Software Reliability |
SWORD Depositor: |
This document is not freely accessible until 5 December 2024 due to copyright restrictions.
Available under License Creative Commons Attribution Non-commercial No Derivatives.
To request a copy, please use the button below.
Request a copyExport
Downloads
Downloads per month over past year