A new wrapper feature selection approach for binary ransomware detection
Abstract
Concerns about ransomware attacks have heightened in recent years for both individuals and organizations. Detecting these attacks poses considerable challenges for cybersecurity professionals, particularly because of their ever-evolving nature. Although behavior-based detection methods show promise in recognizing new ransomware variants, they face significant hurdles, especially in managing the massive volumes of data generated by real-time malware behavior monitoring, which leads to high dimensionality. This paper introduces a new feature selection approach specifically for binary ransomware detection. Our method emphasizes assessing the impact of feature categories on the effectiveness and speed of detection algorithms. It involves two stages: the first stage selects the most relevant groups (categories) of features, while the second ranks and identifies the important features within those categories. Experimental results indicate that our approach surpasses similar studies in accuracy and in its ability to minimize the original feature set. Moreover, both computation speed and accuracy are notably enhanced when using the selected subset compared to the original features.
Keywords
Anomaly detection; Behavior analysis; Feature selection; Machine learning; Ransomware
DOI: http://doi.org/10.11591/ijai.v14.i3.pp2104-2112
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IAES International Journal of Artificial Intelligence (IJ-AI)
ISSN/e-ISSN 2089-4872/2252-8938
This journal is published by the Institute of Advanced Engineering and Science (IAES).