Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbala

ABSTRACT

In recent years, Ransomware has been a critical threat that attacks smartphones. Ransomware
is a kind of malware that blocks the mobile’s system and prevents the user of the infected device from
accessing their data until a ransom is paid. Worldwide, Ransomware attacks have led to serious losses for
individuals and stakeholders. However, the dramatic increase of Ransomware families makes the process
of identifying them more challenging due to their continuously evolving characteristics. Traditional malware
detection methods (e.g., statistical-based prevention methods) fail to combat the evolving Ransomware
since they result in a high percentage of false positives. Developing a non-classical, intelligent
technique for safeguarding against Ransomware is therefore of significant importance. This paper introduces a new
methodology for the detection of Ransomware that depends on an evolutionary-based machine learning
approach. The binary particle swarm optimization algorithm is utilized for tuning the hyperparameters of
the classification algorithm, as well as performing feature selection. The support vector machines (SVM)
algorithm is used alongside the synthetic minority oversampling technique (SMOTE) for classification. The
dataset, collected from various sources, consists of 10,153 Android applications, of which
500 are Ransomware. The proposed approach, SMOTE-tBPSO-SVM, showed
advantages over traditional machine learning algorithms by achieving the highest scores in terms of sensitivity,
specificity, and g-mean.
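
The following is an added example, not code from the paper. It shows why the abstract reports sensitivity, specificity and g-mean rather than accuracy at its class sizes, and how SMOTE-style interpolation creates extra minority samples. The feature vectors and function names are constructed for illustration, and this is plain SMOTE interpolation, not the paper's SMOTE-tBPSO-SVM pipeline.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Return n_new synthetic points, each interpolated between a minority
    sample and one of its k nearest minority neighbours (Euclidean)."""
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        neighbours = sorted((p for p in minority if p is not base),
                            key=lambda p: math.dist(base, p))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> other
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def scores(y_true, y_pred):
    """Sensitivity, specificity, g-mean and accuracy; label 1 = ransomware."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    tn = sum(t == 0 and p == 0 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    sens = tp / (tp + fn) if tp + fn else 0.0
    spec = tn / (tn + fp) if tn + fp else 0.0
    return {"sensitivity": sens, "specificity": spec,
            "g_mean": math.sqrt(sens * spec),
            "accuracy": (tp + tn) / len(pairs)}

# Class sizes from the abstract: 10,153 applications, 500 of them ransomware.
N_TOTAL, N_RANSOM = 10153, 500
Y_TRUE = [1] * N_RANSOM + [0] * (N_TOTAL - N_RANSOM)

def always_benign():
    """Score a degenerate classifier that never flags ransomware."""
    return scores(Y_TRUE, [0] * N_TOTAL)

# Constructed 2-feature minority samples (not data from the paper).
MINORITY = [(0.9, 0.8), (0.8, 0.9), (1.0, 1.0), (0.7, 0.75), (0.95, 0.85)]

if __name__ == "__main__":
    print(always_benign())      # high accuracy, g-mean of zero
    print(smote(MINORITY, 4))   # four synthetic minority points
```

A classifier that labels every application benign scores above 95% accuracy on these class sizes yet has a g-mean of zero, which is why the imbalance-aware metrics are the ones that matter here.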