Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection
Crypto-ransomware is a type of malware whose effect is irreversible even after detection and removal. Thus, early detection is crucial to protect user files from being encrypted and held to ransom. Several studies have proposed early detection solutions based on the data acquired during the pre-encr...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier B.V.
2021
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/94618/1/MohdAizainiMaarof2021_RedundancyCoefficientGradualUpweightingbasedMutual.pdf http://eprints.utm.my/id/eprint/94618/ http://dx.doi.org/10.1016/j.future.2020.10.002 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Malaysia |
| Language: | English |
| id |
my.utm.94618 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.946182022-03-31T15:51:29Z http://eprints.utm.my/id/eprint/94618/ Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection Al-rimy, Bander Ali Saleh Maarof, Mohd. Aizaini Alazab, Mamoun Mohd. Shaid, Syed Zainudeen A. Ghaleb, Fuad Almalawi, Abdulmohsen Ali, Abdullah Marish Al-Hadhrami, Tawfik QA75 Electronic computers. Computer science Crypto-ransomware is a type of malware whose effect is irreversible even after detection and removal. Thus, early detection is crucial to protect user files from being encrypted and held to ransom. Several studies have proposed early detection solutions based on the data acquired during the pre-encryption phase of the attacks. However, the lack of sufficient data in the early phases of the attack adversely affects the ability of feature selection techniques in these models to perceive the common characteristics of the attack features, which makes it challenging to reduce the redundant features, consequently decreasing the detection accuracy. Therefore, this study proposes a novel Redundancy Coefficient Gradual Upweighting (RCGU) technique that makes better redundancy–relevancy trade-offs during feature selection. Unlike existing feature significance estimation techniques that rely on the comparison between the candidate feature and the common characteristics of the already-selected features, RCGU compares the mutual information between the candidate feature and each feature in the selected set individually. Therefore, RCGU increases the weight of the redundancy term proportional to the number of already selected features. By integrating the RCGU into the Mutual Information Feature Selection (MIFS) technique, the Enhanced MIFS (EMIFS) was developed. Further improvement was achieved by proposing MM-EMIFS which incorporates the MaxMin approximation with EMIFS to prevent the redundancy overestimation that RCGU could cause when the number of features in the already-selected set increases. The experimental evaluation shows that the proposed techniques achieved accuracy higher than that in related works, which confirms the ability of RCGU to make better redundancy–relevancy trade-offs and select more discriminative pre-encryption attack features compared to existing solutions. Elsevier B.V. 2021 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/94618/1/MohdAizainiMaarof2021_RedundancyCoefficientGradualUpweightingbasedMutual.pdf Al-rimy, Bander Ali Saleh and Maarof, Mohd. Aizaini and Alazab, Mamoun and Mohd. Shaid, Syed Zainudeen and A. Ghaleb, Fuad and Almalawi, Abdulmohsen and Ali, Abdullah Marish and Al-Hadhrami, Tawfik (2021) Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection. Future Generation Computer Systems, 115 . pp. 641-658. ISSN 0167-739X http://dx.doi.org/10.1016/j.future.2020.10.002 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Al-rimy, Bander Ali Saleh Maarof, Mohd. Aizaini Alazab, Mamoun Mohd. Shaid, Syed Zainudeen A. Ghaleb, Fuad Almalawi, Abdulmohsen Ali, Abdullah Marish Al-Hadhrami, Tawfik Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| description |
Crypto-ransomware is a type of malware whose effect is irreversible even after detection and removal. Thus, early detection is crucial to protect user files from being encrypted and held to ransom. Several studies have proposed early detection solutions based on the data acquired during the pre-encryption phase of the attacks. However, the lack of sufficient data in the early phases of the attack adversely affects the ability of feature selection techniques in these models to perceive the common characteristics of the attack features, which makes it challenging to reduce the redundant features, consequently decreasing the detection accuracy. Therefore, this study proposes a novel Redundancy Coefficient Gradual Upweighting (RCGU) technique that makes better redundancy–relevancy trade-offs during feature selection. Unlike existing feature significance estimation techniques that rely on the comparison between the candidate feature and the common characteristics of the already-selected features, RCGU compares the mutual information between the candidate feature and each feature in the selected set individually. Therefore, RCGU increases the weight of the redundancy term proportional to the number of already selected features. By integrating the RCGU into the Mutual Information Feature Selection (MIFS) technique, the Enhanced MIFS (EMIFS) was developed. Further improvement was achieved by proposing MM-EMIFS which incorporates the MaxMin approximation with EMIFS to prevent the redundancy overestimation that RCGU could cause when the number of features in the already-selected set increases. The experimental evaluation shows that the proposed techniques achieved accuracy higher than that in related works, which confirms the ability of RCGU to make better redundancy–relevancy trade-offs and select more discriminative pre-encryption attack features compared to existing solutions. |
| format |
Article |
| author |
Al-rimy, Bander Ali Saleh Maarof, Mohd. Aizaini Alazab, Mamoun Mohd. Shaid, Syed Zainudeen A. Ghaleb, Fuad Almalawi, Abdulmohsen Ali, Abdullah Marish Al-Hadhrami, Tawfik |
| author_facet |
Al-rimy, Bander Ali Saleh Maarof, Mohd. Aizaini Alazab, Mamoun Mohd. Shaid, Syed Zainudeen A. Ghaleb, Fuad Almalawi, Abdulmohsen Ali, Abdullah Marish Al-Hadhrami, Tawfik |
| author_sort |
Al-rimy, Bander Ali Saleh |
| title |
Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| title_short |
Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| title_full |
Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| title_fullStr |
Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| title_full_unstemmed |
Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| title_sort |
redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection |
| publisher |
Elsevier B.V. |
| publishDate |
2021 |
| url |
http://eprints.utm.my/id/eprint/94618/1/MohdAizainiMaarof2021_RedundancyCoefficientGradualUpweightingbasedMutual.pdf http://eprints.utm.my/id/eprint/94618/ http://dx.doi.org/10.1016/j.future.2020.10.002 |
| _version_ |
1729703197607460864 |