Android Ransomware Detection from Traffic Analysis Using Metaheuristic Feature Selection

Bibliographic Details
Published in: IEEE Access Vol. 10; p. 1
Main Authors: Hossain, Md. Sakir, Hasan, Naim, Samad, Md Abdus, Shakhawat, Hossain Md, Karmoker, Joydeep, Ahmed, Foysol, Nafiz Fuad, K. F. M., Choi, Kwonhue
Format: Journal Article
Language: English
Published: Piscataway IEEE 01-01-2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Description
Summary: Among the prevalent cyberattacks on Android devices, a ransomware attack is the most common and damaging. Although there are many solutions for detecting Android ransomware attacks, existing solutions have limited detection accuracy and high computational complexity. This paper proposes a new Android ransomware detection method based on traffic analysis to address the limitations. We exploit particle swarm optimization (PSO) to select traffic characteristics. Then, based on the selected traffic features, we classify the data traffic using decision tree and random forest classifiers. We examine ransomware cyberattacks in two distinct circumstances. In the first case, we find ransomware traffic; in the second, we locate a specific form of malware traffic among benign traffic. The proposed PSO-assisted feature selection enables the classifier to improve the detection accuracy significantly. The random forest is found to achieve the highest performance in detecting ransomware, whereas the decision tree is the best for detecting the types of ransomware. The accuracy improvements are 2.26% and 3.7% in the first and second scenarios, respectively. The proposed method removes 56.01% to 91.95% of the features. The proposed method converges quickly, as the optimization reaches an optimum value in about ten iterations.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2022.3227579