RFSA : a ransomware feature selection algorithm for multivariate analysis of malware behavior in cryptocurrency

Show simple item record

dc.contributor.author Wa Nkongolo, Mike Nkongolo
dc.date.accessioned 2024-10-16T12:39:34Z
dc.date.available 2024-10-16T12:39:34Z
dc.date.issued 2024-02
dc.description.abstract This research introduces innovative features tailored to capture distinctive characteristics of ransomware activity within the cryptocurrency ecosystem. The study employs a multifaceted analysis to delve into ransomware-related data encompassing transaction metadata, ransom analysis, behavioral patterns, and financial aspects. A feature selection algorithm is explored to discern ransomware transactions in Bitcoin (BTC) and the United States Dollar (USD) using the UGRansome dataset. This comprehensive dataset of ransomware-related transactions facilitates the proposal of novel features designed to capture the unique traits of ransomware activity. The correlation matrix and temporal analysis of these features contribute to a nuanced understanding of the dynamic nature of ransomware threats. The research presents the Ransomware Feature Selection Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) to effectively select crucial ransomware features. Evaluation metrics such as precision, recall, accuracy, and F1 score highlight the effectiveness of the RFSA. The analysis reveals that approximately 68% of ransomware incidents involve BTC transactions ranging from 1.46 to 2.56, with an average of 2.01 BTC transactions per attack. Moreover, ransomware causes financial damages ranging from 4.38 to 172.36 USD, with an average damage of 88.37 USD. The RFSA identifies 17 ransomware types and their associated malware to shed light on their characteristics. The study investigates the pricing of ransomware and reveals that TowerWeb is associated with the highest fee, amounting to 135.26 BTC, while CryptoLocker has the lowest fee, recorded at 10.51 BTC. Additionally, the impact of ransomware duration on financial gains and network flow is investigated, disclosing a correlation between extended duration and higher financial gains. The research achieves outstanding performance metrics, including an MI score of 95%, accuracy of 93%, recall of 92%, and precision of 89%. These results showcase the superiority of the proposed approach over existing studies, emphasizing the dynamic and adaptable nature of ransomware demands. The findings suggest that there is no fixed amount for specific cyberattacks. This underscores the importance of adapting to the evolving landscape of ransomware threats. en_US
dc.description.department Informatics en_US
dc.description.librarian hj2024 en_US
dc.description.sdg SDG-09: Industry, innovation and infrastructure en_US
dc.description.uri https://ijcds.uob.edu.bh/ en_US
dc.identifier.citation Wa Nkongolo, M.N. 2024, 'RFSA : a ransomware feature selection algorithm for multivariate analysis of malware behavior in cryptocurrency', International Journal of Computing and Digital Systems, vol. 15, no. 1, pp. 901-935, doi : 10.12785/ijcds/150165. en_US
dc.identifier.issn 2535-9886 (print)
dc.identifier.issn 2210-142X (online)
dc.identifier.other 10.12785/ijcds/150165
dc.identifier.uri http://hdl.handle.net/2263/98624
dc.language.iso en en_US
dc.publisher University of Bahrain en_US
dc.rights © 2023 IJCDS. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. en_US
dc.subject Ransomware en_US
dc.subject Cryptocurrency en_US
dc.subject Feature selection en_US
dc.subject UGRansome dataset en_US
dc.subject Cybersecurity threats en_US
dc.subject Machine learning en_US
dc.subject SDG-09: Industry, innovation and infrastructure en_US
dc.title RFSA : a ransomware feature selection algorithm for multivariate analysis of malware behavior in cryptocurrency en_US
dc.type Article en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record