Muhammad Shabbir Abbasi, Harith Al-Sahaf, I. Welch
{"title":"Automated Behavior-based Malice Scoring of Ransomware Using Genetic Programming","authors":"Muhammad Shabbir Abbasi, Harith Al-Sahaf, I. Welch","doi":"10.1109/SSCI50451.2021.9660009","DOIUrl":null,"url":null,"abstract":"Malice or severity scoring models are a technique for detection of maliciousness. A few ransomware detection studies utilise malice scoring models for detection of ransomware-like behavior. These models rely on the weighted sum of some manually chosen features and their weights by a domain expert. To automate the modelling of malice scoring for ransomware detection, we propose a method based on Genetic Programming (GP) that automatically evolves a behavior-based malice scoring model by selecting appropriate features and functions from the input feature and operator sets. The experimental results show that the best-evolved model correctly assigned a malice score, below the threshold value to over 85% of the unseen goodware instances, and over the threshold value to more than 99% of the unseen ransomware instances.","PeriodicalId":255763,"journal":{"name":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium Series on Computational Intelligence (SSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSCI50451.2021.9660009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Malice or severity scoring models are a technique for detection of maliciousness. A few ransomware detection studies utilise malice scoring models for detection of ransomware-like behavior. These models rely on the weighted sum of some manually chosen features and their weights by a domain expert. To automate the modelling of malice scoring for ransomware detection, we propose a method based on Genetic Programming (GP) that automatically evolves a behavior-based malice scoring model by selecting appropriate features and functions from the input feature and operator sets. The experimental results show that the best-evolved model correctly assigned a malice score, below the threshold value to over 85% of the unseen goodware instances, and over the threshold value to more than 99% of the unseen ransomware instances.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
