Abstract

In recent years, Ransomware has been a critical threat to smartphones. Ransomware is a kind of malware that blocks the mobile's system and prevents the user of the infected device from accessing their data until a ransom is paid. Worldwide, Ransomware attacks have led to serious losses for individuals and stakeholders. However, the dramatic increase in Ransomware families makes the process of identifying them more challenging due to their continuously evolving characteristics. Traditional malware detection methods (e.g., statistical-based prevention methods) fail to combat the evolving Ransomware since they result in a high percentage of false positives. Developing a non-classical, intelligent technique to safeguard against Ransomware is therefore of significant importance. This paper introduces a new methodology for the detection of Ransomware that is based on an evolutionary machine learning approach. The binary particle swarm optimization algorithm is utilized for tuning the hyperparameters of the classification algorithm, as well as performing feature selection. The support vector machines (SVM) algorithm is used alongside the synthetic minority oversampling technique (SMOTE) for classification. The dataset is collected from various sources and consists of 10,153 Android applications, of which 500 are Ransomware. The proposed approach, SMOTE-$t$BPSO-SVM, outperforms traditional machine learning algorithms, achieving the highest scores in terms of sensitivity, specificity, and g-mean.

Highlights

  • The market share of the Android mobile operating system (OS) reached approximately 72.97% by Q4 2020. This rapid evolution of the Android market has attracted many attackers seeking illegal access to Android devices and data through malware applications

  • Preliminaries: we describe the algorithms utilized in the proposed approach for ransomware detection

  • The Particle swarm optimization (PSO) algorithm consists of a swarm of random particles, where each particle is characterized by two components: the velocity and position


Summary

INTRODUCTION

The market share of the Android mobile operating system (OS) reached approximately 72.97% by Q4 2020. This rapid evolution of the Android market has attracted many attackers seeking illegal access to Android devices and data through malware applications. In comparison to classical (i.e., statistical and knowledge-based) techniques, malware detection algorithms based on machine learning approaches perform better [12]–[15]. The proposed method utilizes the support vector machines (SVM) algorithm [19] for identifying Ransomware, while PSO optimizes the search process by optimizing the number of features and other hyperparameter coefficients. The collected dataset is imbalanced: the normal (non-Ransomware) class is dominant. This makes it challenging for the classification algorithm to learn without biasing toward the majority class and overfitting, and to achieve balanced performance on each class. 3) Proposing a swarm-based machine learning detection system that combines PSO with SVM and an oversampling technique for performing classification, feature selection and data balancing, simultaneously.
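The following is an added illustration, not the paper's code, of binary PSO feature selection scored by g-mean on an imbalanced set. A nearest-centroid classifier stands in for the SVM, and SMOTE and hyperparameter tuning are left out. The data, the feature-count penalty and all parameter values are constructed assumptions.

```python
import math, random

def make_data(seed=0, n_benign=190, n_ransom=10, d=10):
    """Constructed, imbalanced toy set: features 0-1 track the label, the rest are noise."""
    rng = random.Random(seed)
    y = [0] * n_benign + [1] * n_ransom
    X = [[t, t] + [rng.randint(0, 1) for _ in range(d - 2)] for t in y]
    return X, y

def gmean(y_true, y_pred):
    """sqrt(sensitivity * specificity); 0 if either class is entirely missed."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(y_true, y_pred))
    pos = sum(y_true)
    return math.sqrt((tp / pos) * (tn / (len(y_true) - pos)))

def predict(X, y, mask):
    """Stand-in classifier (assumption; the paper uses SVM): nearest class centroid."""
    cols = [j for j, m in enumerate(mask) if m]
    cent = {c: [sum(x[j] for x, t in zip(X, y) if t == c) / y.count(c) for j in cols]
            for c in (0, 1)}
    dist = lambda x, c: sum((x[j] - v) ** 2 for j, v in zip(cols, cent[c]))
    return [1 if dist(x, 1) < dist(x, 0) else 0 for x in X]

def fitness(X, y, mask, penalty=0.01):
    """g-mean minus a small cost per selected feature (penalty weight is an assumption)."""
    return gmean(y, predict(X, y, mask)) - penalty * sum(mask) / len(mask)

def bpso(X, y, n_particles=12, iters=30, w=0.7, c1=1.5, c2=1.5, seed=1):
    rng, d = random.Random(seed), len(X[0])
    # Particle 0 starts as "all features", so the result is never worse than that baseline.
    pos = [[1] * d] + [[rng.randint(0, 1) for _ in range(d)] for _ in range(n_particles - 1)]
    vel = [[0.0] * d for _ in pos]
    pbest, pfit = [p[:] for p in pos], [fitness(X, y, p) for p in pos]
    gbest, gfit = max(zip(pbest, pfit), key=lambda t: t[1])
    for _ in range(iters):
        for i, p in enumerate(pos):
            for j in range(d):
                v = (w * vel[i][j] + c1 * rng.random() * (pbest[i][j] - p[j])
                     + c2 * rng.random() * (gbest[j] - p[j]))
                vel[i][j] = max(-4.0, min(4.0, v))  # clamp so the sigmoid does not saturate
                # Sigmoid transfer: the velocity becomes the probability that the bit is 1.
                p[j] = 1 if rng.random() < 1 / (1 + math.exp(-vel[i][j])) else 0
            f = fitness(X, y, p)
            if f > pfit[i]:
                pbest[i], pfit[i] = p[:], f
            if f > gfit:
                gbest, gfit = p[:], f
    return gbest, gfit
```

On this constructed set a model that labels every app benign is 95% accurate yet has a g-mean of 0, which is why the fitness is built on g-mean rather than accuracy.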

RELATED WORKS
PARTICLE SWARM OPTIMIZATION
IMBALANCED DATASET CREATION
PROPOSED CLASSIFICATION APPROACH
MODEL EVALUATION METRICS
TIME ANALYSIS WITH THE OTHER ALGORITHMS
VIII. CONCLUSION AND FUTURE WORKS