Machine Learning for Android Ransomware Detection

Abstract—Effective detection of ransomware is becoming increasingly important due to the influx of smartphones and the increasing amount of personal data being stored in smartphones. Ransomware, which often demands payment for the safe return of data, encrypts a user’s personal data and renders it useless without proper decryption. In this paper, we present a model for an Android ransomware intrusion detection system that is an improvement over the previous works on the detection of Android malware families. This was accomplished through sufficient data preprocessing using information gain and the effective use of machine learning classifiers, Decision Tree, Naïve Bayes, and OneR. Network traffic data was used for this classification. Of the three classifiers, the decision tree classifier produced the best classification results.
Index Terms—Android, Information Gain, J48 Decision Tree, Machine Learning, Malware, Naïve Bayes, OneR, Ransomware.