Abstract
Ransomware has emerged as a grave cyber threat. Many existing ransomware detection and classification models use datasets created through dynamic or behaviour analysis of ransomware, and are hence known as behaviour-based detection models. A big challenge in automated behaviour-based ransomware detection and classification is high-dimensional data with numerous features distributed into various groups. Feature selection algorithms usually help to deal with high dimensionality and improve classification performance. For ransomware detection and classification, the majority of the feature selection methods used in the existing literature ignore the varying importance of the feature groups within a ransomware behaviour analysis dataset. We propose a two-stage feature selection method that considers the varying importance of each of the feature groups in the dataset. The proposed method utilizes particle swarm optimization, a wrapper-based feature selection algorithm, to select the optimal number of features from each feature group to produce better classification performance. Although the proposed method shows comparable performance for binary classification, it performs significantly better for multi-class classification than the existing feature selection method used for this purpose.
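The group-aware, two-stage idea described in the abstract, as an added sketch that is not the authors' code: features are first ranked inside each group, then a particle swarm searches for how many top-ranked features to keep per group, scored by a wrapper classifier. The abstract does not specify either stage in detail, so the stage-1 filter (between-class variance), the nearest-centroid classifier, the size penalty, the group names and the data are all assumptions constructed for illustration.

```python
import numpy as np

def make_data(rng, n=300):
    # Constructed sample: 3 classes, 30 binary features in 3 hypothetical groups.
    y = rng.integers(0, 3, n)
    X = (rng.random((n, 30)) < 0.3).astype(float)   # background noise
    X[np.arange(n), y] = rng.random(n) < 0.9        # "api": feature c marks class c
    X[:, 10] = (y == 2) ^ (rng.random(n) < 0.1)     # "reg": one useful feature
    return X, y, {"api": range(0, 10), "reg": range(10, 20), "files": range(20, 30)}

def rank_within_groups(X, y, groups):
    # Stage 1 (assumed filter): sort each group by between-class variance of feature means.
    score = np.array([X[y == c].mean(axis=0) for c in np.unique(y)]).var(axis=0)
    return {g: sorted(idx, key=lambda j: -score[j]) for g, idx in groups.items()}

def accuracy(X, y, ranked, counts, split=200):
    # Wrapper evaluation: nearest-centroid classifier, train on [:split], score on the rest.
    cols = [j for order, k in zip(ranked.values(), counts) for j in order[:k]]
    if not cols:
        return 0.0
    Xtr, ytr, Xva = X[:split][:, cols], y[:split], X[split:][:, cols]
    cents = np.array([Xtr[ytr == c].mean(axis=0) for c in np.unique(ytr)])
    pred = ((Xva[:, None, :] - cents[None]) ** 2).sum(-1).argmin(1)
    return float((np.unique(ytr)[pred] == y[split:]).mean())

def pso_group_counts(X, y, ranked, rng, particles=12, iters=25, w=0.7, c1=1.5, c2=1.5):
    # Stage 2: each particle is a vector of per-group feature counts.
    hi = np.array([len(v) for v in ranked.values()], float)
    def fit(p):
        k = np.rint(p).astype(int)
        return accuracy(X, y, ranked, k) - 0.005 * k.sum()   # small size penalty
    pos = rng.random((particles, len(hi))) * hi
    vel = np.zeros_like(pos)
    pbest, pfit = pos.copy(), np.array([fit(p) for p in pos])
    for _ in range(iters):
        r1, r2 = rng.random(pos.shape), rng.random(pos.shape)
        vel = w * vel + c1 * r1 * (pbest - pos) + c2 * r2 * (pbest[pfit.argmax()] - pos)
        pos = np.clip(pos + vel, 0, hi)
        f = np.array([fit(p) for p in pos])
        better = f > pfit
        pbest[better], pfit[better] = pos[better], f[better]
    return np.rint(pbest[pfit.argmax()]).astype(int)

def run(seed=0):
    rng = np.random.default_rng(seed)
    X, y, groups = make_data(rng)
    ranked = rank_within_groups(X[:200], y[:200], groups)    # rank on training rows only
    counts = pso_group_counts(X, y, ranked, rng)
    return ranked, counts, accuracy(X, y, ranked, counts)
```

`run()` returns the per-group rankings, the per-group counts chosen by the swarm, and the held-out accuracy for that selection; in a real evaluation the fitness split would be kept separate from the final test set.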
Notes
- 1.
- 2. https://virusshare.com/ is an online malware repository that provides active malware samples to security researchers.
- 3.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Abbasi, M.S., Al-Sahaf, H., Welch, I. (2020). Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification. In: Castillo, P.A., Jiménez Laredo, J.L., Fernández de Vega, F. (eds) Applications of Evolutionary Computation. EvoApplications 2020. Lecture Notes in Computer Science, vol 12104. Springer, Cham. https://doi.org/10.1007/978-3-030-43722-0_12
DOI: https://doi.org/10.1007/978-3-030-43722-0_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43721-3
Online ISBN: 978-3-030-43722-0
eBook Packages: Computer Science (R0)