Detection and Analysis of Android Ransomware Using the Support Vector Machines

Abstract

Abstract: Ransomware is a malicious code designed to encrypt and lock personal data such as documents and photos, in order to create opportunity for extorting money from the victims. Android operating systems are particularly targeted due to their large market share. Previous studies have primarily relied on signature-based detection methods, which require sufficient data samples and labelled signatures. However, modern ransomware utilizes obfuscation techniques that make it challenging to analyse using static methods. This project proposes a hybrid analysis approach for Android ransomware, employing the SVM algorithm for detection. The novelty lies in the limited exploration of SVM algorithms for ransomware analysis. The dataset used in the study was obtained from CICA and Mal 2017. Static features, including permissions, intents, encoding methods, and API calls were used, along with dynamic features such as network activities and system calls. The SVM model achieved good performance, with 81% accuracy and 90% precision using static features, and 100% accuracy with dynamic features