A Novel Machine Learning Cyber Approach for Detecting WannaLocker Ransomware Attack on Android Devices
Mahmoud AlJamal, Rabee Alquran, Issa Al-Aiash, Ala Mughaid, Shadi AlZu’bi, Ala A. Abutabanjeh
Abstract
The widespread use of Android mobile phones in recent years has increased the risk of vulnerabilities that attackers can exploit, potentially leading to malware downloads and system damage. This paper presents an effective solution utilizing Machine Learning (ML), a subset of artificial intelligence, to detect Wannalocker ransomware specifically targeting Android devices. To achieve this objective, we employed the CICAndMal2017 dataset with several modifications to make it suitable for ML analysis. These modifications included data normalization, label encoding, attribute name resolution, and addressing data imbalance through the Synthetic Minority Over-sampling Technique (SMOTE). Furthermore, we performed feature selection using three distinct methods and applied a voting principle to select the most frequently occurring attributes. The resulting dataset was then subjected to various classifiers, yielding exceptional classification accuracy compared to previous studies. Notably, the BayesNet classifier achieved an accuracy of 99.1%. These findings demonstrate the efficacy of the proposed ML-based approach in bol-stering Android device security against Wannalocker ransomware, providing a valuable contribution to the field of mobile device security