Leveraging application permissions and network traffic attributes for Android ransomware detection

Abstract

The increase in ransomware threats targeting Android devices necessitates the development of advanced techniques to strengthen the effectiveness of detection and prevention methods. Existing studies use Machine Learning (ML) techniques to detect and classify ransomware attacks, however, the ransomware landscape's rapid evolution hinders the effectiveness of these approaches. Moreover, the potential of Deep Reinforcement Learning (DRL) for this purpose remains unexplored. This study investigates the application of various DRL models for Android ransomware detection, leveraging permissions and network traffic attributes-labeled datasets. The paper provides a detailed explanation of implementing supervised learning within a DRL context. Secondly, the challenge of devising a reward function in Android ransomware detection is addressed, given the lack of an automated method for Android ransomware identification. The conventional DRL framework, which relies on the agent's interaction with a real-time environment, is conceptually modified in a new approach. We exhaustively tested the efficiency and accuracy of DRL-based models against other ML techniques, and results show that the A2C model has a better comparable detection performance than other DRL and ML models. Moreover, when DRL models are implemented with minor parameter modifications, they expedite and improve Android ransomware detection's speed, efficiency, and accuracy relative to existing ML strategies.