IEEE Access (Jan 2022)

Android Ransomware Detection From Traffic Analysis Using Metaheuristic Feature Selection

  • Md. Sakir Hossain,
  • Naim Hasan,
  • Md. Abdus Samad,
  • Hossain Md. Shakhawat,
  • Joydeep Karmoker,
  • Foysol Ahmed,
  • K. F. M. Nafiz Fuad,
  • Kwonhue Choi

DOI
https://doi.org/10.1109/ACCESS.2022.3227579
Journal volume & issue
Vol. 10
pp. 128754 – 128763

Abstract

Among the prevalent cyberattacks on Android devices, a ransomware attack is the most common and damaging. Although there are many solutions for detecting Android ransomware attacks, existing solutions have limited detection accuracy and high computational complexity. This paper proposes a new Android ransomware detection method based on traffic analysis to address these limitations. We exploit particle swarm optimization (PSO) to select traffic characteristics. Then, based on the selected traffic features, we classify the data traffic using decision tree and random forest classifiers. We examine ransomware cyberattacks in two distinct circumstances. In the first case, we find ransomware traffic; in the second, we locate a specific form of malware traffic among benign traffic. The proposed PSO-assisted feature selection enables the classifier to improve the detection accuracy significantly. The random forest is found to achieve the highest performance in detecting ransomware, whereas the decision tree is the best for detecting the types of ransomware. The accuracy improvements are 2.26% and 3.7% in the first and second scenarios, respectively. The proposed method removes 56.01% to 91.95% of the features. The proposed method converges quickly, as the optimization reaches an optimum value in about ten iterations.

Keywords