Enhancing Android Ransomware Detection Using an Ensemble Machine Learning Classifier

Bibliographic Details
Published in: Programming and Computer Software vol. 50, no. 8 (Dec 2024), p. 562
Publisher: Springer Nature B.V.
Description
Abstract: Ransomware poses a significant threat to Android devices, presenting a pressing concern in the realm of malware. While there has been extensive research on malware detection, distinguishing between various malware categories remains a challenge. Notably, ransomware often disguises its behavior to resemble less harmful forms of malware like adware, evading conventional security measures. Therefore, there is a critical need for advanced malware category detection techniques to elucidate specific behaviors unique to each malware type and bolster detection efficacy. This paper aims to enhance Android ransomware detection by investigating the optimal combination of static features (such as permissions, intents, and API calls) and dynamic features (captured from network traffic flow) that contribute to minimizing false negatives when applying supervised machine learning classification. Our research also aims to discern the pivotal features essential for accurate ransomware detection. To this end, we propose a model integrating feature selection techniques and employing various machine learning classifiers, including decision trees, k-nearest neighbors, random forest, gradient boosting, and bagging. The model was implemented in Python, and its evaluation was conducted with and without k-fold validation to offer a broader range of explored behaviors. Our findings highlight the efficacy of combining network-Permission and network-API features, exhibiting superior ransomware detection rates compared to other feature combinations. Moreover, our model achieved recall scores of 99.2% and 97% before and after employing cross-validation, respectively. We also identified 6 API features, 27 network features, and 18 permission features as the most useful ones for ransomware detection in Android.
ISSN: 0361-7688 (print), 1608-3261 (online)
DOI: 10.1134/S0361768824700622
Source: Advanced Technologies & Aerospace Database