Ransomware Detection Based on V-detector Negative Selection Algorithm

As a new type of malicious software, ransomw are is one of the biggest security threats in recent years. Inspired by biological immune system, a ransomware detection method based on V-detector negative selection algorithm with mutation optimization is proposed, which is referred to op-RDVD. The behavioral features of ransomware are extracted through dynamic analysis, such as hard disk reading and writing, the document encryption and deletion, etc. Some of benign samples are used to build the self space. The variable-sized detectors are generated both randomly and extracted from ransomware. To improve the ransomware detection accuracy and efficiency, optimize the space distribution of detectors through clone and mutation, achieving maximized coverage of non-self space and minimized overlapping among detectors. The experimental results show that our algorithm has better detection ability than that of the previous method.