Ransomware attacks have become a major threat to organizations and individuals, as such an attack can cause significant financial loss and disruption to business operations. Traditional methods of ransomware detection, such as signature-based detection and heuristic-based detection, have proven to be inadequate in dealing with the constantly evolving ransomware variants.
Machine learning (ML)-based detection methods have shown promise in detecting ransomware. These methods rely on the extraction of relevant features from the samples and the training of a classifier to distinguish between ransomware and non-ransomware samples. Due to the high dimensionality of the feature space, machine learning algorithms can be employed to identify a crucial subset of features, which in turn enhances the detection accuracy.
This research presents a novel approach that combines ensemble classifiers with feature selection using the Particle Swarm Optimization (PSO) algorithm. The objective is to improve the detection accuracy and reduce false positives and false negatives in classification tasks. Two separate ensemble models were constructed: one comprising Random Forest (RF) and Support Vector Machine (SVM) classifiers, and the other consisting of Decision Tree (DT) and K-Nearest Neighbors (KNN) classifiers. The PSO algorithm was employed to determine the optimal features and their corresponding weights for each ensemble classifier.
Experiments were conducted to evaluate the performance of the proposed approach, and the results demonstrated that integrating PSO for feature selection significantly enhanced the overall detection rate compared to using all features with equal weights. By identifying the most relevant features and assigning appropriate weights, the ensemble classifiers achieved higher accuracy and improved the overall classification performance.
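The following sketch is an added illustration of PSO-driven feature weighting compared against the equal-weight baseline; it is not the authors' code. It assumes a single feature-weighted k-NN in place of the RF+SVM and DT+KNN ensembles, constructed synthetic data, and hypothetical PSO settings and function names.

```python
import random

def make_data(n=120, informative=2, noise=6, seed=1):
    """Constructed samples (not real telemetry): only the first features separate the classes."""
    rng = random.Random(seed)
    y = [i % 2 for i in range(n)]  # 1 = ransomware-like, 0 = benign
    X = [[rng.gauss(2.0 * t, 1.0) for _ in range(informative)]
         + [rng.gauss(0.0, 3.0) for _ in range(noise)] for t in y]
    return X, y

def knn_accuracy(w, train, val, k=5):
    """Accuracy of k-NN on the validation split under a feature-weighted squared distance."""
    (Xtr, ytr), (Xva, yva) = train, val
    hits = 0
    for x, label in zip(Xva, yva):
        near = sorted((sum(wj * (a - b) ** 2 for wj, a, b in zip(w, x, r)), t)
                      for r, t in zip(Xtr, ytr))[:k]
        hits += (2 * sum(t for _, t in near) > k) == bool(label)
    return hits / len(yva)

def pso_feature_weights(fitness, dim, particles=10, iters=15, seed=7):
    """PSO over weights in [0, 1]; particle 0 starts at all-ones, the equal-weight baseline."""
    rng = random.Random(seed)
    pos = [[1.0] * dim] + [[rng.random() for _ in range(dim)] for _ in range(particles - 1)]
    vel = [[0.0] * dim for _ in range(particles)]
    pbest, pfit = [p[:] for p in pos], [fitness(p) for p in pos]
    g = max(range(particles), key=pfit.__getitem__)
    gbest, gfit = pbest[g][:], pfit[g]
    for _ in range(iters):
        for i in range(particles):
            for j in range(dim):  # inertia 0.7, cognitive/social 1.5: assumed settings
                vel[i][j] = (0.7 * vel[i][j] + 1.5 * rng.random() * (pbest[i][j] - pos[i][j])
                             + 1.5 * rng.random() * (gbest[j] - pos[i][j]))
                pos[i][j] = min(1.0, max(0.0, pos[i][j] + vel[i][j]))
            f = fitness(pos[i])
            if f > pfit[i]:
                pbest[i], pfit[i] = pos[i][:], f
            if f > gfit:
                gbest, gfit = pos[i][:], f
    return gbest, gfit

def run():
    X, y = make_data()
    train, val = (X[:80], y[:80]), (X[80:], y[80:])
    fit = lambda w: knn_accuracy(w, train, val)
    baseline = fit([1.0] * len(X[0]))  # all features, equal weights
    weights, best = pso_feature_weights(fit, len(X[0]))
    return baseline, best, weights, [j for j, w in enumerate(weights) if w >= 0.5]
```

The fitness here is scored on the same validation split that PSO optimizes against, so the returned accuracy is optimistic. Confirm the selected weights on a split the swarm never saw before comparing detection rates.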