Machine learning-based anomaly detection in Android network flows for ransomware identification
Abstract
Ransomware continues to pose a significant challenge as it infiltrates networks and employs advanced techniques to encrypt data. To counter such attacks and limit their damage, ransomware activity must be identified promptly. The primary objective of this research was to examine the viability of using machine learning to identify anomalies in network flows, specifically for ransomware detection within Android ecosystems. The study was based on a comprehensive dataset comprising both benign network traffic and malicious traffic originating from several ransomware families. A neural network model was constructed and trained on a portion of the dataset, then tested on previously unseen data to assess its predictive performance. The model shows exceptional performance across all classes, as indicated by its high accuracy, precision, recall, and F1 score. Notably, it generalizes robustly to several categories of ransomware and to benign network activity, indicating its potential as a reliable solution for practical deployment. This study lays the foundation for future work on enhancing the model, exploring real-time detection options, and integrating it with comprehensive security solutions.
Keywords: Android Security; anomaly detection; cybersecurity; ransomware identification; machine learning
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).