Behavioral based detection of android ransomware using machine learning techniques
Authors: G. Kirubavathi, W. Regis Anne
Journal: International Journal of System Assurance Engineering and Management (JCR Q2, Engineering, Multidisciplinary; impact factor 1.6)
Published: 2024-07-24 (Journal Article)
DOI: https://doi.org/10.1007/s13198-024-02439-z
Citations: 0
Abstract
After the pandemic, the whole world is going digital, driven by the increased use of handheld devices such as smartphones and by the evolution of the internet. All transactions are moving online. Security at end devices is an important issue for everyone. We believe that data in transit is more secure, but in reality this is not true. The data are in the hands of bad actors for malicious activities. Android ransomware is one of the most widely distributed assaults throughout the world. It is a type of virus that prevents users from accessing the operating system and encrypts the essential data saved on their device. This work focuses on the thorough assessment and detection of Android ransomware applications using machine learning methods. After a thorough analysis of existing mechanisms of Android ransomware detection, we found that the combination of static behaviour with machine learning techniques can detect Android ransomware with good accuracy. We have analysed 3572 samples of ransomware applications and 3628 samples of benign applications of various families. For classification, the decision tree, random forest, extra tree classifier, and light gradient boosting machine methods are selected from the pool of classifiers. The dataset was obtained from Kaggle, which is an open source dataset repository. The suggested model outperforms with a detection accuracy of 98.05%. Based on its best performance, we believe our suggested approach will be useful in ransomware and forensic investigation.
About the journal:
This Journal is established with a view to cater to increased awareness for high quality research in the seamless integration of heterogeneous technologies to formulate bankable solutions to the emergent complex engineering problems.
Assurance engineering could be thought of as relating to the provision of higher confidence in the reliable and secure implementation of a system’s critical characteristic features through the espousal of a holistic approach by using a wide variety of cross disciplinary tools and techniques. Successful realization of sustainable and dependable products, systems and services involves an extensive adoption of Reliability, Quality, Safety and Risk related procedures for achieving high assurance levels of performance; also pivotal are the management issues related to risk and uncertainty that govern the practical constraints encountered in their deployment. It is our intention to provide a platform for the modeling and analysis of large engineering systems, among the other aforementioned allied goals of systems assurance engineering, leading to the enforcement of performance enhancement measures. Achieving a fine balance between theory and practice is the primary focus. The Journal only publishes high quality papers that have passed the rigorous peer review procedure of an archival scientific Journal. The aim is an increasing number of submissions, wide circulation and a high impact factor.