Exposing Android Ransomware using Machine Learning

Abstract

The Ransomware detection reports from cyber-security companies trigger high threat in Android devices vulnerability. The study used machine learning approaches, particularly classifiers: Decision Tree, Random Forest, Gradient Boosting Decision Trees, and AdaBoost to detect Ransomware malware. The study used dataset from HelDroid with known Ransomware's features, the dataset was transformed and feed on the classifier model. Using 5-attribute dataset feed on the classifier, the models generate high average of 98.05% accuracy rate, both on training and test sets. The same results from Naive Bayes classifiers mean cross-validation accuracy on Gaussian and Bernoulli is 97.6%, while on Multinomial is 81.6%. Feeding the binarized 229-attribute dataset, Decision Tree generates 99.08% accuracy, while the three Naive Bayes Classifiers returns 100% overfit results.