Behavior-based ransomware classification: A particle swarm optimization wrapper-based approach for feature selection

Abbasi, Muhammad Shabbir; Al-Sahaf, Harith; Mansoori, Masood; Welch, Ian

doi:10.1016/j.asoc.2022.108744

Cited by 53 publications

(22 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The average count of features selected by bBSSMA across 𝐾 runs was determined to grasp the FS tendencies of algorithm which is calculated by Eq. (23).…”

Section: Average Number Of Features Selectedmentioning

confidence: 99%

“…Given the 2 n combinations within a dataset containing n features, conducting an exhaustive search through all subsets becomes impractical, particularly for datasets with large n. Conventional mathematics-based methods like gradient descent [17], conjugate gradient [18], Newton's method [19], and quasi-Newton's method [20] are considered inappropriate for the FS task due to the high dimensionality and discrete search space. To overcome this challenge, various strategies are employed in FS, with filter [21], wrapper [22][23][24][25][26], and embedded methods [27,28] being the most frequently used. However, in the presence of datasets with numerous features, filter methods often exhibit suboptimal performance as they select features solely based on their statistical measures, disregarding the correlation between features.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enhanced slime mould algorithm with backtracking search algorithm: global optimization and feature selection

Wang,

Chen,

Zou

et al. 2024

Preprint

View full text Add to dashboard Cite

The Slime Mould Algorithm (SMA), renowned for its swarm-based approach, encounters challenges, particularly in maintaining a balance between exploration and exploitation, leading to a trade-off that impacts its optimization performance. The simple structure and limited hyperparameters of SMA contribute to difficulties in effectively navigating the exploration-exploitation trade-off, with a drawback being its poor ability for exploration. To address these challenges and enhance SMA, this paper introduces BSSMA, an improved variant that incorporates the Backtracking Search Algorithm (BSA). The introduction of the \(phaseratio\) parameter aims to synergize BSA and SMA, capitalizing on the strengths of both algorithms while mitigating their individual drawbacks, including SMA's poor exploration ability. BSA facilitates a thorough exploration, dispersing search agents widely across the solution space, ensuring significant diversity. These search agents then transition to SMA to further refine the search for optimal solutions while addressing SMA's exploration limitations. Evaluating the performance of BSSMA involves comparisons with 12 other meta-heuristic algorithms (MAs) and 10 advanced MAs using the CEC2017 benchmark functions. Experimental results showcase that the enhanced BSSMA outperforms SMA in terms of convergence speed and accuracy, specifically addressing the challenges associated with balancing exploration and exploitation trade-offs, including SMA's poor exploration ability. Additionally, to demonstrate BSSMA's effectiveness in practical engineering applications, a binary version (bBSSMA) is developed for feature selection (FS) using a V-shaped transfer function. Comparative experiments with seven other binary MA variants reveal that bBSSMA selects fewer features, attains higher classification accuracy, and demands less computational time. These results affirm the effectiveness of bBSSMA for practical feature selection applications.

show abstract

“…The average count of features selected by bBSSMA across 𝐾 runs was determined to grasp the FS tendencies of algorithm which is calculated by Eq. (23).…”

Section: Average Number Of Features Selectedmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Enhanced slime mould algorithm with backtracking search algorithm: global optimization and feature selection

Wang,

Chen,

Zou

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…In Zhang et al (2019), Zhang used a static method to generate N‐grams from the ransomware dataset and he computed the Term frequency‐inverse document frequency (TF‐IDF) for each N‐gram. Another study (Abbasi et al, 2022) used Particle Swarm Optimization (PSO) to select the most informative features to improve ransomware prediction. Alzubi et al (2021) proposed Harris Hawks Optimization (HHO) and Support Vector Machine (SVM) for ransomware prediction.…”

Section: Literature Reviewmentioning

confidence: 99%

Android ransomware detection using binary Jaya optimization algorithm

Alazab

2023

Expert Systems

View full text Add to dashboard Cite

Ransomware is a serious security concern to mobile devices, as it prevents the use of the device and its contents until a ransom is paid, resulting in considerable financial losses for both people and corporations. The existing anti‐malware measures have shown to be inadequate in combatting new malware variants that utilize advanced evasion strategies like Polymorphic, Metamorphic, Dynamic Code Loading, Time‐based evasion, and Reflection. Furthermore, these primary defences have also suffered from low detection rates, significant false positives, high processing times, and excessive processing and power consumption that is inappropriate for smartphones. This paper offers the binary JAYA (BJAYA) for ransomware detection in Android mobile devices using the BJAYA optimization‐based algorithm. The developed algorithm's effectiveness has been assessed against two datasets, the 0–1 knapsack, and real ransomware dataset. The proposed BJAYA method surpassed the other algorithms on 85% of the 0–1 knapsack datasets. The suggested BJAYA method was also tested on a ransomware dataset in two phases. In the first stage of testing, BJAYA outperformed other standard classifiers with sensitivity and Gmean values of 97% and 98.2%, respectively. In the second stage of testing, BJAYA outperformed other GA, FPA, and PSO metaheuristic algorithms in terms of specificity, sensitivity, and Gmean. These findings indicate the applicability of the suggested BJAYA algorithm for ransomware detection.

show abstract

“…To further improve the selection, the PSO was used in the second stage to select the optimum number of features from each group based on a wrapped Regularized Logistic Regression (RLR) classification algorithm. The same authors have done further research [52] and compared the performance of variants of PSO, such as Variable-Length Particle Swarm Optimization (VarLenPSO) and Self-adaptive Particle Swarm Optimization (SaPSO). They have also experimented with different classification algorithms, such as, Regularized Logistic Regression (RLR), Random Forest (RF), Decision Tree (DT), Support Vector Machine (SVM) and K-Nearest Neighbor (KNN) in both binary and multi-class setup, and how they affect the overall accuracy of the model.…”

Section: Machine Learning-based Detection Techniquesmentioning

confidence: 99%

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Gurukala,

Verma

2023

Preprint

View full text Add to dashboard Cite

Ransomware attacks have become a major threat to organizations and individuals, as such an attack can cause significant financial loss and disruption to business operations. Traditional methods of ransomware detection, such as signature-based detection and heuristic-based detection, have proven to be inadequate in dealing with the constantly evolving ransomware variants. Machine learning (ML)-based detection methods have shown promise in detecting ransomware. These methods rely on the extraction of relevant features from the samples and the training of a classifier to distinguish between ransomware and non-ransomware samples. Due to the high dimensionality of the feature space, machine learning algorithms can be employed to identify a crucial subset of features which in turn enhances the detection accuracy. This research presents a novel approach that combines ensemble classifiers with feature selection using the Particle Swarm Optimization (PSO) algorithm. The objective is to improve the detection accuracy and reduce false positives and false negatives in classification tasks. Two separate ensemble models were constructed: one comprising Random Forest (RF) and Support Vector Machine (SVM) classifiers, and the other consisting of Decision Tree (DT) and K-Nearest Neighbors (KNN) classifiers. The PSO algorithm was employed to determine the optimal features and their corresponding weights for each ensemble classifier. Experiments were conducted to evaluate the performance of the proposed approach and the results demonstrated that integrating PSO for feature selection significantly enhanced the overall detection rate compared to using all features with equal weights. By identifying the most relevant features and assigning appropriate weights, the ensemble classifiers achieved higher accuracy and improved the overall classification performance.

show abstract

Behavior-based ransomware classification: A particle swarm optimization wrapper-based approach for feature selection

Cited by 53 publications

References 29 publications

Enhanced slime mould algorithm with backtracking search algorithm: global optimization and feature selection

Enhanced slime mould algorithm with backtracking search algorithm: global optimization and feature selection

Android ransomware detection using binary Jaya optimization algorithm

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Contact Info

Product

Resources

About