Problem statement
Ransomware attacks pose a severe threat to organizations: they exploit security weaknesses and most often lead to large economic and information losses. There is a growing need for efficient and accurate predictive models that detect and prevent such attacks in real-time cybersecurity applications.
Methodology
This paper uses the UGRansome dataset, a large-scale dataset assembled for ransomware and zero-day attack detection. Recursive Feature Elimination (RFE) ranks the features so that the most important predictors are identified methodically, and the F-measure is employed as a novel criterion for improving model interpretability and avoiding redundancy. A Histogram Gradient Boosting classifier is then tuned with three advanced metaheuristic optimizers. Sensitivity analysis based on SHapley Additive exPlanations (SHAP) values gives transparent, explainable insight into how individual features affect the model's output. Finally, a Wilcoxon rank test is applied to confirm that the performance gain is statistically significant, and K-fold cross-validation supports the robustness and generalizability of the reported models.
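As an added example, not code from the paper or from the UGRansome project, the following standard-library Python reproduces the shape of the evaluation protocol described above: RFE-style feature ranking refit inside every training fold, stratified K-fold cross-validation, an exact paired Wilcoxon signed-rank test on the per-fold accuracies, and a perturbation-based sensitivity check standing in for SHAP. Everything concrete is an assumption: the constructed dataset, the feature names (`bytes_out`, `conn_rate`, `btc_amount`, `noise`), the nearest-centroid classifier used in place of Histogram Gradient Boosting, and the absence of any metaheuristic tuning. The point is the leakage-free structure and the significance test, not the model.

```python
import random
from itertools import product
from statistics import mean, pstdev

FEATURES = ["bytes_out", "conn_rate", "btc_amount", "noise"]  # assumed names, not UGRansome's schema

def make_dataset(n=200, seed=7):
    """Constructed stand-in for UGRansome: 3 class-shifted features + 1 noise column; label 1 = ransomware."""
    rng = random.Random(seed)
    return [([rng.gauss(1.5 * (i % 2), 1), rng.gauss(1.5 * (i % 2), 1),
              rng.gauss(3 * (i % 2), 1), rng.gauss(0, 1)], i % 2) for i in range(n)]

def stratified_kfold(rows, k=5):
    """Yield (train, test) splits that keep the class ratio in every fold."""
    by_class = {}
    for row in rows:
        by_class.setdefault(row[1], []).append(row)
    folds = [[] for _ in range(k)]
    for members in by_class.values():
        for i, row in enumerate(members):
            folds[i % k].append(row)
    for i in range(k):
        yield [r for j in range(k) if j != i for r in folds[j]], folds[i]

class NearestCentroid:
    """Stand-in for HistGradientBoosting: scale with training-fold statistics only, pick the nearer class mean."""
    def fit(self, rows, cols):
        self.cols = cols
        xs = [[x[c] for c in cols] for x, _ in rows]
        self.mu = [mean(col) for col in zip(*xs)]
        self.sd = [pstdev(col) or 1.0 for col in zip(*xs)]
        self.centroids = {}
        for label in sorted({y for _, y in rows}):
            pts = [self._scale(x) for x, y in rows if y == label]
            self.centroids[label] = [mean(col) for col in zip(*pts)]
        return self
    def _scale(self, x):
        return [(x[c] - m) / s for c, m, s in zip(self.cols, self.mu, self.sd)]
    def predict(self, x):
        z = self._scale(x)
        return min(self.centroids, key=lambda lab: sum(
            (a - b) ** 2 for a, b in zip(z, self.centroids[lab])))

def accuracy(model, rows):
    return mean(1.0 if model.predict(x) == y else 0.0 for x, y in rows)

def rfe(rows, cols, n_keep):
    """RFE: refit, drop the feature with the smallest scaled class-centroid gap, repeat until n_keep remain."""
    cols = list(cols)
    while len(cols) > n_keep:
        m = NearestCentroid().fit(rows, cols)
        gaps = [abs(a - b) for a, b in zip(m.centroids[0], m.centroids[1])]
        cols.pop(gaps.index(min(gaps)))
    return cols

def wilcoxon_signed_rank(a, b):
    """Exact two-sided paired Wilcoxon signed-rank test: zero differences dropped, tied |d| get
    average ranks, W = min(W+, W-), p taken over all 2**n sign patterns (cheap for a few folds)."""
    d = [x - y for x, y in zip(a, b) if x != y]
    if not d:
        return 0.0, 1.0
    absd = sorted(abs(x) for x in d)
    ranks = [mean(i + 1 for i, v in enumerate(absd) if v == abs(x)) for x in d]
    w_plus, total = sum(r for r, x in zip(ranks, d) if x > 0), sum(ranks)
    w = min(w_plus, total - w_plus)
    hits = 0
    for signs in product((0, 1), repeat=len(d)):
        wp = sum(r for r, s in zip(ranks, signs) if s)
        hits += min(wp, total - wp) <= w
    return w, hits / 2 ** len(d)

def permutation_sensitivity(model, rows, seed=0):
    """Perturbation sensitivity: held-out accuracy lost when one feature is shuffled (a model-agnostic cousin of SHAP)."""
    base, out = accuracy(model, rows), {}
    for c in model.cols:
        vals = [x[c] for x, _ in rows]
        random.Random(seed + c).shuffle(vals)
        out[FEATURES[c]] = base - accuracy(
            model, [(x[:c] + [v] + x[c + 1:], y) for (x, y), v in zip(rows, vals)])
    return out

def run_experiment(rows, k=5, n_keep=3):
    """Per-fold accuracy of the all-features model vs the RFE-reduced one.
    RFE is refit inside each training fold so the test fold never leaks into selection."""
    all_cols = list(range(len(FEATURES)))
    base, reduced = [], []
    for train, test in stratified_kfold(rows, k):
        base.append(accuracy(NearestCentroid().fit(train, all_cols), test))
        reduced.append(accuracy(NearestCentroid().fit(train, rfe(train, all_cols, n_keep)), test))
    w, p = wilcoxon_signed_rank(reduced, base)
    return {"baseline": base, "rfe": reduced, "W": w, "p": p}

if __name__ == "__main__":
    res = run_experiment(make_dataset())
    print("all features:", res["baseline"], "\nRFE-reduced: ", res["rfe"])
    print("Wilcoxon W=%.1f p=%.4f (treat the gain as real only if p is small)" % (res["W"], res["p"]))
    train, test = next(stratified_kfold(make_dataset()))
    print("sensitivity:", permutation_sensitivity(NearestCentroid().fit(train, [0, 1, 2, 3]), test))
```

Two caveats a reviewer of such a pipeline would check. First, feature selection, scaling and any optimizer search must run inside each training fold, as `run_experiment` does; running RFE once on the whole dataset before cross-validation leaks test-fold information into the selected features and inflates every reported score. Second, the exact two-sided Wilcoxon test with K=5 folds has a smallest attainable p-value of 2/32 = 0.0625, so a 5-fold comparison can never reach p < 0.05 under this test; reaching conventional significance needs more paired observations (10 folds, or repeated cross-validation), and even then the folds share most of their training data, so the p-value is optimistic rather than exact.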
Results
The proposed hybrid models show significant gains in prediction accuracy, precision, and recall. The feature importance analysis indicates that economic and behavioral network features contribute equally to correct ransomware identification.
Contributions
This work evaluates a strong, scalable model for ransomware forecasting that lets organizations anticipate threats ahead of time and improve their overall cybersecurity posture. Combining up-to-date feature selection with nature-inspired optimization lets the framework build more accurate models while preserving interpretability and efficiency. The method translates directly to real-world settings, including cloud security, zero-day attack detection, and large-scale automated threat scanning in changing cybersecurity environments.
Details
Small business; Machine learning; Accuracy; Deep learning; Trends; Sensitivity analysis; Prediction models; Organizations; Optimization; Small & medium sized enterprises-SME; Classification; Digital currencies; Feature selection; Ransomware; Malware; Algorithms; Outdoor air quality; Real time; Cloud computing; Explainable artificial intelligence; Cybersecurity; Heuristic methods; Big Data; Measures; Statistical significance; Threats; Redundancy; Models; Robustness; Generalizability; Classifiers; Recursion; Security; Elimination; Forecasting
1 Hainan Normal University, School of Information Science and Technology, Haikou, China (GRID:grid.440732.6) (ISNI:0000 0000 8551 5345); Hainan University, School of Information and Communication Engineering, Haikou, China (GRID:grid.428986.9) (ISNI:0000 0001 0373 6302); Hainan Normal University, Hainan Engineering Research Center for Smart Education Technology, Haikou, China (GRID:grid.440732.6) (ISNI:0000 0000 8551 5345)
2 Hainan Vocational University of Science and Technology, Hainan Engineering Research Center for Virtual Reality Technology and Systems, Haikou, China (GRID:grid.440732.6)
3 Hainan University, School of Information and Communication Engineering, Haikou, China (GRID:grid.428986.9) (ISNI:0000 0001 0373 6302)
4 Hainan Normal University, School of Information Science and Technology, Haikou, China (GRID:grid.440732.6) (ISNI:0000 0000 8551 5345); Hainan Normal University, Hainan Engineering Research Center for Smart Education Technology, Haikou, China (GRID:grid.440732.6) (ISNI:0000 0000 8551 5345)
5 Hainan Normal University, School of Foreign Languages, Haikou, China (GRID:grid.440732.6) (ISNI:0000 0000 8551 5345)