Next-Gen Threat Hunting: A Comparative Study of ML Models in Android Ransomware Detection

Authors

  • Linet Momposhi, Western Centre for Cybersecurity Aid and Community Engagement (WCACE), Western Sydney University, Australia
  • Alana Maurushat, Western Centre for Cybersecurity Aid and Community Engagement (WCACE), Western Sydney University, Australia
  • Rodrigo N. Calheiros, Western Centre for Cybersecurity Aid and Community Engagement (WCACE), Western Sydney University, Australia
  • Shawal Khan, Western Centre for Cybersecurity Aid and Community Engagement (WCACE), Western Sydney University, Australia (https://orcid.org/0000-0001-5952-8502)

DOI:

https://doi.org/10.47852/bonviewFSI52025685

Keywords:

ransomware detection, machine learning, random forest, K-nearest neighbors, neural networks, Android ransomware, cybersecurity

Abstract

Ransomware attacks on Android devices have been increasing in recent years, posing a significant threat to users' data and privacy. In the finance sector, ransomware increasingly targets banking applications, impacting financial operations. This research presents a comprehensive evaluation of four popular machine learning algorithms – K-nearest neighbors (KNN), neural networks (NN), random forest (RF), and support vector machines (SVM) – in classifying Android ransomware. In this work, we utilize an open-source ransomware dataset available on Kaggle that comprises 10 types of ransomware and benign instances of Android applications, extracting relevant features for analysis. The performance of each classifier is assessed using several evaluation metrics: accuracy, precision, recall, and F1-score. The experiments show that the RF classifier achieves the highest accuracy of 96.22%, followed by SVM with an accuracy of 83.51%, NN at 81.91%, and finally KNN at 70.49%. Furthermore, the research explores the strengths and limitations of each algorithm, providing insights into their suitability for real-world ransomware detection scenarios. The findings contribute to the development of robust and efficient security mechanisms for safeguarding Android devices against the evolving threat of ransomware.

Received: 14 March 2025 | Revised: 20 June 2025 | Accepted: 30 June 2025

Conflicts of Interest

The authors declare that they have no conflicts of interest to this work.

Data Availability Statement

The data that support the findings of this study are openly available in Kaggle at https://www.kaggle.com/datasets/subhajournal/android-ransomware-detection?resource=download.

Author Contribution Statement

Linet Momposhi: Conceptualization, Methodology, Software, Formal analysis, Writing – original draft, Writing – review & editing, Visualization. Alana Maurushat: Conceptualization, Methodology, Software, Validation, Formal analysis, Investigation, Resources, Data curation, Writing – original draft, Writing – review & editing, Visualization, Supervision, Project administration, Funding acquisition. Rodrigo N. Calheiros: Validation, Investigation, Resources, Data curation, Writing – review & editing, Supervision, Project administration, Funding acquisition. Shawal Khan: Validation, Data curation, Writing – original draft, Writing – review & editing, Visualization, Project administration.

Published

2025-07-11

Section

Research Articles

How to Cite

Next-Gen Threat Hunting: A Comparative Study of ML Models in Android Ransomware Detection. (2025). FinTech and Sustainable Innovation, 1-16. https://doi.org/10.47852/bonviewFSI52025685