Comprehensive Ransomware Detection: Optimization of Feature Selection through Machine Learning Algorithms and Explainable AI on Memory Analysis
Resumo
The increase in ransomware attacks has underscored the need for ro bust cybersecurity measures. To combat these sophisticated threats, organiza tions must implement strong defenses, including cutting-edge technologies like machine learning to detect early signs of ransomware in their systems. This paper presents a comprehensive study on ransomware detection, highlighting the integration of machine learning algorithms and explainable artificial intelli gence (XAI) techniques to enhance the transparency and reliability of predictive models in this field. Our focus relies on optimizing features within the CIC-MalMem-2022 dataset, which contains various memory-based malware sam ples. We also use the decision tree algorithm to identify influential features and uses the SHAP model for transparent decision-making. The results demonstrate that the algorithms can efficiently detect ransomware using only five optimized features.Referências
Abualhaj, M. M. and Al-Khatib, S. N. (2024). Using decision tree classifier to detect trojan horse based on memory data. TELKOMNIKA (Telecommunication Computing Electronics and Control), 22(2):393–400.
Aljabri, M., Alhaidari, F., Albuainain, A., Alrashidi, S., Alansari, J., Alqahtani, W., and Alshaya, J. (2024). Ransomware detection based on machine learning using memory features. Egyptian Informatics Journal, 25:100445.
Alraizza, A. and Algarni, A. (2023). Ransomware detection using machine learning: A survey. Big Data and Cognitive Computing, 7(3):143.
Aslan, Ö. A. and Samet, R. (2020). A comprehensive review on malware detection approaches. IEEE access, 8:6249–6271.
Balasubramanian, K. M., Vasudevan, S. V., Thangavel, S. K., Kumar, G., Srinivasan, K., Tibrewal, A., and Vajipayajula, S. (2023). Obfuscated malware detection using machine learning models. In 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), pages 1–8. IEEE.
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., and Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111:102490.
Bensaoud, A., Kalita, J., and Bensaoud, M. (2024). A survey of malware detection using deep learning. Machine Learning With Applications, 16:100546.
Bruna Moralejo, L. (2023). Machine learning for malware detection and classification.
Master’s thesis, Universitat Politècnica de Catalunya.
Canadian Institute for Cybersecurity (2022). CIC-MalMem-2022 Dataset. [link]. Accessed: 10-01-2024.
Carrier, T. (2021). Detecting obfuscated malware using memory feature engineering.
Dener, M., Ok, G., and Orman, A. (2022). Malware detection using memory analysis data in big data environment. Applied Sciences, 12(17):8604.
Galli, A., La Gatta, V., Moscato, V., Postiglione, M., and Sperlı̀, G. (2024). Explainability in ai-based behavioral malware detection systems. Computers & Security, 141:103842.
Herrera-Silva, J. A. and Hernández-Álvarez, M. (2023). Dynamic feature dataset for ransomware detection using machine learning algorithms. Sensors, 23(3):1053.
Hornetsecurity (2022). Ransomware attacks survey 2022. Accessed: 05-31-2024.
Liu, H. and Motoda, H. (2007). Computational methods of feature selection. CRC press.
Malik, S., Shanmugam, B., Kannorpatti, K., and Azam, S. (2022). Critical feature selection for machine learning approaches to detect ransomware. International Journal of Computing and Digital Systems, 11(1):1168–1176.
Mezina, A. and Burget, R. (2022). Obfuscated malware detection using dilated convolutional network. In 2022 14th international congress on ultra modern telecommunications and control systems and workshops (ICUMT), pages 110–115. IEEE.
Naseer, M., Rusdi, J. F., Shanono, N. M., Salam, S., Muslim, Z. B., Abu, N. A., and Abadi, I. (2021). Malware detection: issues and challenges. In Journal of Physics: Conference Series, volume 1807, page 012011. IOP Publishing.
Nasser, Y. and Nassar, M. (2023). Toward hardware-assisted malware detection utilizing explainable machine learning: A survey. IEEE Access, 11:131273–131288.
Nissim, N., Lahav, O., Cohen, A., Elovici, Y., and Rokach, L. (2019). Volatile memory analysis using the minhash method for efficient and secured detection of malware in private cloud. Computers & Security, 87:101590.
Othman, H., AlHija, M. A., and Alsharaiah, M. A. (2024). Toward enhancing malware detection using practical swarm optimization in honeypot. International Journal of Intelligent Engineering & Systems, 17(1).
Routray, S., Prusti, D., and Rath, S. K. (2023). Ransomware attack detection by applying machine learning techniques. In Machine Intelligence Techniques for Data Analysis and Signal Processing: Proceedings of the 4th International Conference MISP 2022, Volume 1, pages 765–776. Springer.
Scalas, M. et al. (2021). Malware analysis and detection with explainable machine learning.
Shafin, S. S., Karmakar, G., and Mareels, I. (2023). Obfuscated memory malware detection in resource-constrained iot devices for smart city applications. Sensors, 23(11):5348.
Sihwail, R., Omar, K., and Arifin, K. A. Z. (2021). An effective memory analysis for malware detection and classification. Computers, Materials & Continua, 67(2).
Smith Jr, D. Q. (2023). Exploring Machine Learning for Malware Detection With Feature Selection, Explainable AI, and Generative Adversarial Networks. PhD thesis, North Carolina Agricultural and Technical State University.
Aljabri, M., Alhaidari, F., Albuainain, A., Alrashidi, S., Alansari, J., Alqahtani, W., and Alshaya, J. (2024). Ransomware detection based on machine learning using memory features. Egyptian Informatics Journal, 25:100445.
Alraizza, A. and Algarni, A. (2023). Ransomware detection using machine learning: A survey. Big Data and Cognitive Computing, 7(3):143.
Aslan, Ö. A. and Samet, R. (2020). A comprehensive review on malware detection approaches. IEEE access, 8:6249–6271.
Balasubramanian, K. M., Vasudevan, S. V., Thangavel, S. K., Kumar, G., Srinivasan, K., Tibrewal, A., and Vajipayajula, S. (2023). Obfuscated malware detection using machine learning models. In 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), pages 1–8. IEEE.
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., and Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111:102490.
Bensaoud, A., Kalita, J., and Bensaoud, M. (2024). A survey of malware detection using deep learning. Machine Learning With Applications, 16:100546.
Bruna Moralejo, L. (2023). Machine learning for malware detection and classification.
Master’s thesis, Universitat Politècnica de Catalunya.
Canadian Institute for Cybersecurity (2022). CIC-MalMem-2022 Dataset. [link]. Accessed: 10-01-2024.
Carrier, T. (2021). Detecting obfuscated malware using memory feature engineering.
Dener, M., Ok, G., and Orman, A. (2022). Malware detection using memory analysis data in big data environment. Applied Sciences, 12(17):8604.
Galli, A., La Gatta, V., Moscato, V., Postiglione, M., and Sperlı̀, G. (2024). Explainability in ai-based behavioral malware detection systems. Computers & Security, 141:103842.
Herrera-Silva, J. A. and Hernández-Álvarez, M. (2023). Dynamic feature dataset for ransomware detection using machine learning algorithms. Sensors, 23(3):1053.
Hornetsecurity (2022). Ransomware attacks survey 2022. Accessed: 05-31-2024.
Liu, H. and Motoda, H. (2007). Computational methods of feature selection. CRC press.
Malik, S., Shanmugam, B., Kannorpatti, K., and Azam, S. (2022). Critical feature selection for machine learning approaches to detect ransomware. International Journal of Computing and Digital Systems, 11(1):1168–1176.
Mezina, A. and Burget, R. (2022). Obfuscated malware detection using dilated convolutional network. In 2022 14th international congress on ultra modern telecommunications and control systems and workshops (ICUMT), pages 110–115. IEEE.
Naseer, M., Rusdi, J. F., Shanono, N. M., Salam, S., Muslim, Z. B., Abu, N. A., and Abadi, I. (2021). Malware detection: issues and challenges. In Journal of Physics: Conference Series, volume 1807, page 012011. IOP Publishing.
Nasser, Y. and Nassar, M. (2023). Toward hardware-assisted malware detection utilizing explainable machine learning: A survey. IEEE Access, 11:131273–131288.
Nissim, N., Lahav, O., Cohen, A., Elovici, Y., and Rokach, L. (2019). Volatile memory analysis using the minhash method for efficient and secured detection of malware in private cloud. Computers & Security, 87:101590.
Othman, H., AlHija, M. A., and Alsharaiah, M. A. (2024). Toward enhancing malware detection using practical swarm optimization in honeypot. International Journal of Intelligent Engineering & Systems, 17(1).
Routray, S., Prusti, D., and Rath, S. K. (2023). Ransomware attack detection by applying machine learning techniques. In Machine Intelligence Techniques for Data Analysis and Signal Processing: Proceedings of the 4th International Conference MISP 2022, Volume 1, pages 765–776. Springer.
Scalas, M. et al. (2021). Malware analysis and detection with explainable machine learning.
Shafin, S. S., Karmakar, G., and Mareels, I. (2023). Obfuscated memory malware detection in resource-constrained iot devices for smart city applications. Sensors, 23(11):5348.
Sihwail, R., Omar, K., and Arifin, K. A. Z. (2021). An effective memory analysis for malware detection and classification. Computers, Materials & Continua, 67(2).
Smith Jr, D. Q. (2023). Exploring Machine Learning for Malware Detection With Feature Selection, Explainable AI, and Generative Adversarial Networks. PhD thesis, North Carolina Agricultural and Technical State University.
Publicado
16/09/2024
Como Citar
LEONEL, Lucas; MOLINOS, Diego Nunes; MIANI, Rodrigo Sanches.
Comprehensive Ransomware Detection: Optimization of Feature Selection through Machine Learning Algorithms and Explainable AI on Memory Analysis. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 123-138.
DOI: https://doi.org/10.5753/sbseg.2024.241693.