Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification

Ransomware has emerged as a grave cyber threat. Many of the existing ransomware detection and classification models use datasets created through dynamic or behaviour analysis of ransomware, hence known as behaviour-based detection models. A big challenge in automated behaviour-based ransomware detection and classification is high dimensional data with numerous features distributed into various groups. Feature selection algorithms usually help to deal with high dimensionality for improving classification performance. In connection with ransomware detection and classification, the majority of the feature selection methods used in existing literature ignore the varying importance of various feature groups within ransomware behaviour analysis data set. For ransomware detection and classification, we propose a two-stage feature selection method that considers the varying importance of each of the feature groups in the dataset. The proposed method utilizes particle swarm optimization, a wrapper-based feature selection algorithm, for selection of the optimal number of features from each feature group to produce better classification performance. Although the proposed method shows comparable performance for binary classification, it performs significantly better for multi-class classification than existing feature selection method used for this purpose.