City Research Online

Abstract

This paper proposes FeSAD, a framework that will allow a machine learning classifier to detect evolutionary ransomware. Ransomware is a critical player in the malware space that causes hundreds of millions of dollars of damage globally and evolves quickly. The evolution of ransomware in machine learning classifiers is often calculated as concept drift. Concept drift is dangerous as changes in the behavior of ransomware can easily lead to misclassifications, and misclassification can harm individuals and businesses. Our proposed framework consists of a feature selection layer, drift calibration layer and drift decision layer that allows a machine learning classifier to detect and classify concept drift samples reliably. We evaluate the FeSAD framework in various concept drift scenarios and observe its ability to detect drifting samples effectively. The FeSAD framework is also evaluated on its ability to extend the lifespan of a classifier. The results obtained by this research show that FeSAD can successfully and reliably classify ransomware and benign samples while under concept drift and can extend the time between retraining.

Publication Type:	Article
Additional Information:	© 2024. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/
Publisher Keywords:	Ransomware detection, Machine learning, Concept drift, Malware evolution, Genetic algorithm
Subjects:	H Social Sciences > HV Social pathology. Social and public welfare Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology > Computer Science > Software Reliability
SWORD Depositor:	Symplectic Administrator

Export

Downloads