GAN-CNN-based Android Ransomware Detection System using Network Traffic Analysis

Mahmood S. Mahmood

Abstract


Android ransomware poses a major threat to cybersecurity, resulting in financial losses, data theft, and service disruptions for mobile users. This paper proposes a network traffic-based ransomware detection framework that combines feature selection and data augmentation with machine learning and deep learning algorithms. The methodology consists of data preprocessing, data normalization, class balancing, and feature reduction based on Random Forest importance and SHAP analysis to select the most informative features. Several classification models are evaluated and compared: Logistic Regression (LR), Decision Tree (DT), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Multi-Layer Perceptron (MLP), TabNet, Deep Neural Network (DNN), and Convolutional Neural Network (CNN). Generative Adversarial Networks (GANs) are used to generate synthetic ransomware samples for training, both to cope with class imbalance and to enhance detection capability. The experimental results show that the GAN-improved CNN model achieves an overall accuracy of 99.5%, recall of 99.8%, precision of 99.6%, F1 score of 99.6%, and AUC of 98.9%. The results further show that feature reduction shortened training and testing time while retaining high detection performance. This paper emphasizes the importance of the proposed feature selection, GAN-based augmentation, and deep learning approach for detecting Android ransomware. Although the proposed framework reduced the feature space and increased computational efficiency, additional testing on real Android devices is still needed to confirm the claims of lightweight deployment and low resource usage.

Keywords


Android ransomware; CNN; deep learning; GAN; intrusion detection system; machine learning; network traffic analysis





DOI: https://doi.org/10.32520/stmsi.v15i5.6363



Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.