Recurrent Neural Network and Multi-Factor Feature Filtering for Ransomware Detection in Android Apps

Inam Ullah Khan; Fasih Ud din; Fida Muhammad Khan; Sohaib Saqib; Saadat ullah; Zeeshan Ali Haider; Shehr Bano

Authors

Inam Ullah Khan Department of Computer Science, Qurtuba University of Science & Information, Technology, Peshawar, Pakistan.
Fasih Ud din Department of Computer Science & IT University of Lakki Marwat, Pakistan
Fida Muhammad Khan Department of Computer Science, Qurtuba University of Science & Information, Technology, Peshawar, Pakistan.
Sohaib Saqib Faculty of Computing Gomal University, Dera Ismail Khan, Khyber Pakhtunkhwa(KPK), Pakistan
Saadat ullah Faculty of Computing Gomal University, Dera Ismail Khan, Khyber Pakhtunkhwa(KPK), Pakistan
Zeeshan Ali Haider Department of Computer Science, Qurtuba University of Science & Information, Technology, Peshawar, Pakistan.
Shehr Bano Faculty of Computing Gomal University, Dera Ismail Khan, Khyber Pakhtunkhwa(KPK), Pakistan

Keywords:

Ransomware Malware, Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), AndriodSecurity

Abstract

The market is flooded with Android Software (apps), and at the same time that number is growing quickly, and so are the many security exploits that take advantage of such apps. The effectiveness of traditional defensive systems is at risk due to the growing diversity of Android malware. This situation has sparked significant interest in improving malware detection accuracy and scalability for smart devices. By examining the Long Short-Term Memory (LSTM) method, we have developed an effective deep learning-based malware detection model for enhanced Android ransomware detection. For feature selection, eight different methods were applied. By comparing the outcomes of all feature selection procedures, we used a simple majority vote process to choose the 19 crucial characteristics. The Android Malware dataset (CI-CAndMal2017) and common performance metrics were used to assess the proposed technique. With a detection accuracy of 97.08%, our model surpasses existing approaches. We advocate our proposed method as effective in malware and forensic analysis based on its remarkable performance.

References

M. Alazab, R. A. Khurma, D. Camacho, and A. Martín, “Enhanced Android Ransomware Detection Through Hybrid Simultaneous Swarm-Based Optimization,” Cognit. Comput., pp. 1–15, Jun. 2024, doi: 10.1007/S12559-024-10301-4/METRICS.

C. B N and B. S H, “Revolutionizing ransomware detection and criticality assessment: Multiclass hybrid machine learning and semantic similarity-based end2end solution,” Multimed. Tools Appl., vol. 83, no. 13, pp. 39135–39168, Apr. 2024, doi: 10.1007/S11042-023-16946-X/METRICS.

A. K. Al Hwaitat et al., “Overview of Mobile Attack Detection and Prevention Techniques Using Machine Learning,” Int. J. Interact. Mob. Technol., vol. 18, no. 10, pp. 125–157, May 2024, doi: 10.3991/IJIM.V18I10.46485.

D. Soi, A. Sanna, D. Maiorca, and G. Giacinto, “Enhancing android malware detection explainability through function call graph APIs,” J. Inf. Secure. Appl., vol. 80, p. 103691, Feb. 2024, doi: 10.1016/J.JISA.2023.103691.

E. Calik Bayazit, K. Sahingoz, and B. Dogan, “Tehnički vjesnik,” vol. 30, pp. 787–796, 2023, doi: 10.17559/TV-20220907113227.

E. C. Bayazit, O. K. Sahingoz, and B. Dogan, “Protecting Android Devices From Malware Attacks: A State-of-the-Art Report of Concepts, Modern Learning Models and Challenges,” IEEE Access, vol. 11, pp. 123314–123334, 2023, doi: 10.1109/ACCESS.2023.3323396.

A. Albin Ahmed, A. Shaahid, F. Alnasser, S. Alfaddagh, S. Binagag, and D. Alqahtani, “Android Ransomware Detection Using Supervised Machine Learning Techniques Based on Traffic Analysis,” Sensors 2024, Vol. 24, Page 189, vol. 24, no. 1, p. 189, Dec. 2023, doi: 10.3390/S24010189.

A. R. Zaidi, T. Abbas, H. Zahid, and S. A. Ramay, “Effectiveness Of Detecting Android Malware Using Deep Learning Techniques,” J. NANOSCOPE, vol. 4, no. 2, pp. 1–21, Nov. 2023, doi: 10.52700/JN.V4I2.90.

Q. M. Yaseen, “The Effect of the Ransomware Dataset Age on the Detection Accuracy of Machine Learning Models,” Inf. 2023, Vol. 14, Page 193, vol. 14, no. 3, p. 193, Mar. 2023, doi: 10.3390/INFO14030193.

A. Mahindru and A. L. Sangal, “FSDroid:- A feature selection technique to detect malware from Android using Machine Learning Techniques: FSDroid,” Multimed. Tools Appl., vol. 80, no. 9, pp. 13271–13323, Apr. 2021, doi: 10.1007/S11042-020-10367-W/TABLES/21.

I. Almomani et al., “Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data,” IEEE Access, vol. 9, pp. 57674–57691, 2021, doi: 10.1109/ACCESS.2021.3071450.