Android ransomware detection using a novel hamming distance based feature selection

Ransomware is a serious cyberthreat for Android users, with devastating consequences for its victims. By locking or encrypting the targeted device, victims are often left unable to access their data, with attackers demanding payment in bitcoins in exchange for decryption. These attacks can occur across various sectors, including government, business, and health systems. Therefore, effective measures to mitigate this threat are critical. This paper proposes a novel hamming distance-based feature selection technique for detecting Android ransomware through static analysis. The detection approach involves four phases: feature extraction, binary feature vector generation, feature selection, and classification. A Python tool is used to automatically extract static features from Android applications, which are then processed for feature vector generation and selection. The effectiveness of the proposed technique is evaluated using various experiments, including machine learning and deep learning techniques. In addition, this article outlines a threat scenario of ransomware on the Android platform. The proposed system achieves a maximum detection accuracy of 99% with Random Forest and Decision Tree classifiers, surpassing state-of-the-art studies. Overall, the proposed technique offers an efficient solution for detecting Android ransomware, which could help prevent future attacks and reduce the impact of this serious cyberthreat.