An Incremental Mutual Information-Selection Technique for Early Ransomware Detection

Gazzan, Mazen and Sheldon, Frederick T. (2024) An Incremental Mutual Information-Selection Technique for Early Ransomware Detection. Information, 15 (4). p. 194. ISSN 2078-2489

[thumbnail of information-15-00194.pdf] Text
information-15-00194.pdf - Published Version

Download (1MB)

Abstract

Ransomware attacks have emerged as a significant threat to critical data and systems, extending beyond traditional computers to mobile and IoT/Cyber–Physical Systems. This study addresses the need to detect early ransomware behavior when only limited data are available. A major step for training such a detection model is choosing a set of relevant and non-redundant features, which is challenging when data are scarce. Therefore, this paper proposes an incremental mutual information-selection technique as a method for selecting the relevant features at the early stages of ransomware attacks. It introduces an adaptive feature-selection technique that processes data in smaller, manageable batches. This approach lessens the computational load and enhances the system’s ability to quickly adapt to new data arrival, making it particularly suitable for ongoing attacks during the initial phases of the attack. The experimental results emphasize the importance of the proposed technique in estimating feature significance in limited data scenarios. Such results underscore the significance of the incremental approach as a proactive measure in addressing the escalating challenges posed by ransomware.

Item Type: Article
Subjects: STM Article > Multidisciplinary
Depositing User: Unnamed user with email support@stmarticle.org
Date Deposited: 01 Apr 2024 05:42
Last Modified: 01 Apr 2024 05:42
URI: http://publish.journalgazett.co.in/id/eprint/1970

Actions (login required)

View Item
View Item