Litcius/Paper detail

Enhanced ransomware attacks detection using feature selection, sensitivity analysis, and optimized hybrid model

Kun Zhang, Yetong Wang, Uzair Aslam Bhatti, Yu Zhou, Ming Jin

2025Journal Of Big Data28 citationsDOIOpen Access PDF

Abstract

Ransomware attacks pose a severe threat to organizations by exploiting security weaknesses, most often leading to colossal economic and information loss. There is a growing need for efficient and accurate predictive models to detect and prevent such attacks in real-time cybersecurity applications. This paper utilizes the UGRansome dataset, which is a large-scale ransomware and zero-day attack detector. The F-measure method is employed in this paper as a novel method for enhancing model interpretability and preventing redundancy. The Histogram Gradient Boosting classifier, which is optimized, is subsequently enhanced with three advanced metaheuristic optimizers. Sensitivity analysis provides transparent insights into the effects of individual attributes through explainable AI. Finally, the Wilcoxon ranking test is applied to ensure the statistical significance of the performance gain, and K-fold cross-validation ensures robustness and generalizability of the reported models. In addition, Recursive Feature Elimination (RFE) is also applied to rank the features to identify the most important predictors methodically. Sensitivity analysis is also performed utilizing SHapley Additive exPlanations (SHAP) values to present explainable and transparent perspectives on individual feature impacts on the model’s output. The hybrid models proposed here exhibit significant gains in prediction accuracy, precision, and recall. The feature importance analysis indicates that economic and behavioral features of the network equally contribute to correct ransomware identification. This work introduces an evaluation of a strong and scalable model for ransomware forecasting that enables organizations to predict threats ahead of time and improve their general cybersecurity capabilities. The integration of cutting-edge feature selection with nature-inspired optimization enables the framework to create more accurate models while maintaining interpretability and efficiency. The method is directly translatable to real-world scenarios, including enhancing cloud security, detecting zero-day attacks, and supporting mass-scale automated threat scanning in fluctuating cybersecurity environments.

Topics & Concepts

RansomwareComputer scienceInterpretabilityRobustness (evolution)Feature selectionMachine learningData miningArtificial intelligenceSensitivity (control systems)Feature (linguistics)Wilcoxon signed-rank testBoosting (machine learning)ScalabilityComputational intelligenceArtificial neural networkNetwork securityBenchmark (surveying)Feature extractionGradient boostingDimensionality reductionRanking (information retrieval)Feature engineeringComputational Science and EngineeringVisualizationSecurity analysisHistogramInformation sensitivityMalwareStatistical modelProbabilistic logicGeneralizability theoryCryptographyLinear discriminant analysisAdvanced Malware Detection TechniquesInformation and Cyber SecuritySpam and Phishing Detection
Enhanced ransomware attacks detection using feature selection, sensitivity analysis, and optimized hybrid model | Litcius