Enhancing Android Ransomware Detection Using an Ensemble Machine Learning Classifier
Guardado en:
| Udgivet i: | Programming and Computer Software vol. 50, no. 8 (Dec 2024), p. 562 |
|---|---|
| Udgivet: |
Springer Nature B.V.
|
| Fag: | |
| Online adgang: | Citation/Abstract Full Text Full Text - PDF |
| Tags: |
Ingen Tags, Vær først til at tagge denne postø!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3154524532 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 0361-7688 | ||
| 022 | |a 1608-3261 | ||
| 024 | 7 | |a 10.1134/S0361768824700622 |2 doi | |
| 035 | |a 3154524532 | ||
| 045 | 2 | |b d20241201 |b d20241231 | |
| 245 | 1 | |a Enhancing Android Ransomware Detection Using an Ensemble Machine Learning Classifier | |
| 260 | |b Springer Nature B.V. |c Dec 2024 | ||
| 513 | |a Journal Article | ||
| 520 | 3 | |a Ransomware poses a significant threat to Android devices, presenting a pressing concern in the realm of malware. While there has been extensive research on malware detection, distinguishing between various malware categories remains a challenge. Notably, ransomware often disguises its behavior to resemble less harmful forms of malware like adware, evading conventional security measures. Therefore, there is a critical need for advanced malware category detection techniques to elucidate specific behaviors unique to each malware type and bolster detection efficacy. This paper aims to enhance Android ransomware detection by investigating the optimal combination of static features (such as permissions, intents, and API calls) and dynamic features (captured from network traffic flow) that contribute to minimize false negatives when applying supervised machine learning classification. Our research also aims to discern the pivotal features essential for accurate ransomware detection. To this end, we propose a model integrating feature selection techniques and employing various machine learning classifiers, including decision trees, k-nearest neighbors, random forest, gradient boosting, and bagging. The model was implemented in Python, and its evaluation was conducted with and without k-fold validation to offer a broader range of explored behaviours. Our findings highlight the efficacy of combining network-Permission and network-API features, exhibiting superior ransomware detection rates compared to other feature combinations. Moreover, our model achieved recall scores of 99.2 and 97% before and after employing cross-validation, respectively. We also identified 6 API features, 27 network features, and 18 permission features as the most useful ones for ransomware detection in Android. | |
| 653 | |a Machine learning | ||
| 653 | |a Research methodology | ||
| 653 | |a Datasets | ||
| 653 | |a Communications traffic | ||
| 653 | |a Malware | ||
| 653 | |a Supervised learning | ||
| 653 | |a Effectiveness | ||
| 653 | |a Application programming interface | ||
| 653 | |a Feature selection | ||
| 653 | |a Ransomware | ||
| 653 | |a Algorithms | ||
| 653 | |a Decision trees | ||
| 653 | |a Cybersecurity | ||
| 773 | 0 | |t Programming and Computer Software |g vol. 50, no. 8 (Dec 2024), p. 562 | |
| 786 | 0 | |d ProQuest |t Advanced Technologies & Aerospace Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3154524532/abstract/embedded/6A8EOT78XXH2IG52?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text |u https://www.proquest.com/docview/3154524532/fulltext/embedded/6A8EOT78XXH2IG52?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3154524532/fulltextPDF/embedded/6A8EOT78XXH2IG52?source=fedsrch |