{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:01:54Z","timestamp":1774368114161,"version":"3.50.1"},"reference-count":53,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2023,12,28]],"date-time":"2023-12-28T00:00:00Z","timestamp":1703721600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"SAUDI ARAMCO Cybersecurity Chair at Imam Abdulrahman bin Faisal University"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In today\u2019s digitalized era, the usage of Android devices is being extensively witnessed in various sectors. Cybercriminals inevitably adapt to new security technologies and utilize these platforms to exploit vulnerabilities for nefarious purposes, such as stealing users\u2019 sensitive and personal data. This may result in financial losses, discredit, ransomware, or the spreading of infectious malware and other catastrophic cyber-attacks. Due to the fact that ransomware encrypts user data and requests a ransom payment in exchange for the decryption key, it is one of the most devastating types of malicious software. The implications of ransomware attacks can range from a loss of essential data to a disruption of business operations and significant monetary damage. Artificial intelligence (AI)-based techniques, namely machine learning (ML), have proven to be notable in the detection of Android ransomware attacks. However, ensemble models and deep learning (DL) models have not been sufficiently explored. Therefore, in this study, we utilized ML- and DL-based techniques to build efficient, precise, and robust models for binary classification. A publicly available dataset from Kaggle consisting of 392,035 records with benign traffic and 10 different types of Android ransomware attacks was used to train and test the models. Two experiments were carried out. In experiment 1, all the features of the dataset were used. In experiment 2, only the best 19 features were used. The deployed models included a decision tree (DT), support vector machine (SVM), k-nearest neighbor (KNN), ensemble of (DT, SVM, and KNN), feedforward neural network (FNN), and tabular attention network (TabNet). Overall, the experiments yielded excellent results. DT outperformed the others, with an accuracy of 97.24%, precision of 98.50%, and F1-score of 98.45%. Whereas, in terms of the highest recall, SVM achieved 100%. The acquired results were thoroughly discussed, in addition to addressing limitations and exploring potential directions for future work.<\/jats:p>","DOI":"10.3390\/s24010189","type":"journal-article","created":{"date-parts":[[2023,12,28]],"date-time":"2023-12-28T09:35:21Z","timestamp":1703756121000},"page":"189","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["Android Ransomware Detection Using Supervised Machine Learning Techniques Based on Traffic Analysis"],"prefix":"10.3390","volume":"24","author":[{"given":"Amnah","family":"Albin Ahmed","sequence":"first","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2427-6015","authenticated-orcid":false,"given":"Afrah","family":"Shaahid","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1571-7050","authenticated-orcid":false,"given":"Fatima","family":"Alnasser","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]},{"given":"Shahad","family":"Alfaddagh","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]},{"given":"Shadha","family":"Binagag","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]},{"given":"Deemah","family":"Alqahtani","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"},{"name":"SAUDI ARAMCO Cybersecurity Chair, Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}]}],"member":"1968","published-online":{"date-parts":[[2023,12,28]]},"reference":[{"key":"ref_1","unstructured":"(2023, August 30). Global Mobile OS Market Share 2023|Statista. Available online: https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/."},{"key":"ref_2","first-page":"519","article-title":"An Overview of Android Operating System and Its Security Features","volume":"4","author":"Singh","year":"2014","journal-title":"Int. J. Eng. Res. Appl."},{"key":"ref_3","unstructured":"Ravikumar, J. (2023, August 01). Cyber Security Threats\u2014Past|Present|Future. Available online: https:\/\/www.linkedin.com\/pulse\/cyber-past-present-future-robin-joy\/."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Alsoghyer, S., and Almomani, I. (2019). Ransomware Detection System for Android Applications. Electronics, 8.","DOI":"10.3390\/electronics8080868"},{"key":"ref_5","first-page":"2946735","article-title":"The Effective Ransomware Prevention Technique Using Process Monitoring on Android Platform","volume":"2016","author":"Song","year":"2016","journal-title":"Mobile Inf. Syst."},{"key":"ref_6","unstructured":"and Bansal, U. (2021, January 21\u201323). A Review on Ransomware Attack. Proceedings of the 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), Jalandhar, India."},{"key":"ref_7","unstructured":"(2023, June 02). Number of Ransomware Attacks per Year 2022|Statista. Available online: https:\/\/www.statista.com\/statistics\/494947\/ransomware-attacks-per-year-worldwide\/."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"e6272","DOI":"10.1002\/cpe.6272","article-title":"A survey on analysis and detection of Android ransomware","volume":"33","author":"Sharma","year":"2021","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Kapratwar, A., Di Troia, F., and Stamp, M. (2017, January 19\u201321). Static and Dynamic Analysis of Android Malware. Proceedings of the 3rd International Conference on Information Systems Security and Privacy, Porto, Portugal.","DOI":"10.5220\/0006256706530662"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"012075","DOI":"10.1088\/1757-899X\/769\/1\/012075","article-title":"Review of Hybrid Analysis Technique for Malware Detection","volume":"769","author":"Yunus","year":"2020","journal-title":"IOP Conf. Ser. Mater. Sci. Eng."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Aljabri, M. (2023). Machine Learning-Based Detection for Unauthorized Access to IoT Devices. J. Sens. Actuator Netw., 12.","DOI":"10.3390\/jsan12020027"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1016\/j.eij.2023.05.006","article-title":"Click fraud detection for online advertising using machine learning","volume":"24","author":"Aljabri","year":"2023","journal-title":"Egypt. Inform. J."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Nagy, N. (2023). Phishing URLs Detection Using Sequential and Parallel ML Techniques: Comparative Analysis. Sensors, 23.","DOI":"10.3390\/s23073467"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Aljabri, M., Alahmadi, A.A., Mohammad, R.M.A., Aboulnour, M., Alomari, D.M., and Almotiri, S.H. (2022). Classification of Firewall Log Data Using Multiclass Machine Learning Models. Electronics, 11.","DOI":"10.3390\/electronics11121851"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1007\/s13278-022-01020-5","article-title":"Machine learning-based social media bot detection: A comprehensive literature review","volume":"13","author":"Aljabri","year":"2023","journal-title":"Soc. Netw. Anal. Min."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Alahmadi, A.A., Aljabri, M., Alhaidari, F., Alharthi, D.J., Rayani, G.E., Marghalani, L.A., Alotaibi, O.B., and Bajandouh, S.A. (2023). DDoS Attack Detection in IoT-Based Networks Using Machine Learning Models: A Survey and Research Directions. Electronics, 12.","DOI":"10.3390\/electronics12143103"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Babbar, H., Rani, S., Sah, D.K., AlQahtani, S.A., and Bashir, A.K. (2023). Detection of Android Malware in the Internet of Things through the K-Nearest Neighbor Algorithm. Sensors, 23.","DOI":"10.3390\/s23167256"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Akhtar, M.S., and Feng, T. (2023). Evaluation of Machine Learning Algorithms for Malware Detection. Sensors, 23.","DOI":"10.3390\/s23020946"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Khalid, O. (2023). An Insight into the Machine-Learning-Based Fileless Malware Detection. Sensors, 23.","DOI":"10.3390\/s23020612"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ehsan, A., Catal, C., and Mishra, A. (2022). Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review. Sensors, 22.","DOI":"10.3390\/s22207928"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Kumar, R., and Subbiah, G. (2022). Zero-Day Malware Detection and Effective Malware Analysis Using Shapley Ensemble Boosting and Bagging Approach. Sensors, 22.","DOI":"10.3390\/s22072798"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Wang, X., Zhang, L., Zhao, K., Ding, X., and Yu, M. (2022). MFDroid: A Stacking Ensemble Learning Framework for Android Malware Detection. Sensors, 22.","DOI":"10.3390\/s22072597"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Alkahtani, H., and Aldhyani, T.H.H. (2022). Artificial Intelligence Algorithms for Malware Detection in Android-Operated Mobile Devices. Sensors, 22.","DOI":"10.3390\/s22062268"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Alraizza, A., and Algarni, A. (2023). Ransomware Detection Using Machine Learning: A Survey. Big Data Cogn. Comput., 7.","DOI":"10.3390\/bdcc7030143"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alzahrani, N., and Alghazzawi, D. (2019, January 12\u201314). A Review on Android Ransomware Detection Using Deep Learning Techniques. Proceedings of the 11th International Conference on Management of Digital EcoSystems, Limassol, Cyprus.","DOI":"10.1145\/3297662.3365785"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"337","DOI":"10.3233\/JCS-191346","article-title":"Multilayer ransomware detection using grouped registry key operations, file entropy and file signature monitoring","volume":"28","author":"Jethva","year":"2020","journal-title":"J. Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1109\/TIT.1967.1053964","article-title":"Nearest neighbor pattern classification","volume":"13","author":"Cover","year":"1967","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/BF00116251","article-title":"Induction of decision trees","volume":"1","author":"Quinlan","year":"1986","journal-title":"Mach. Learn."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1007\/BF00994018","article-title":"Support-vector networks","volume":"20","author":"Cortes","year":"1995","journal-title":"Mach. Learn."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Bishop, C.M. (1995). Neural Networks for Pattern Recognition, Oxford University Press.","DOI":"10.1093\/oso\/9780198538493.001.0001"},{"key":"ref_31","first-page":"6679","article-title":"TabNet: Attentive Interpretable Tabular Learning","volume":"35","author":"Arik","year":"2021","journal-title":"Proc. AAAI Conf. Artif. Intell."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1016\/j.icte.2020.11.001","article-title":"Ransomware Detection using Random Forest Technique","volume":"6","author":"Khammas","year":"2020","journal-title":"ICT Express"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Masum, M., Faruk, M.J.H., Shahriar, H., Qian, K., Lo, D., and Adnan, M.I. (2022, January 26\u201329). Ransomware Classification and Detection with Machine Learning Algorithms. Proceedings of the 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC54503.2022.9720869"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Victoriano, O. (2019, January 14\u201316). Exposing Android Ransomware using Machine Learning. Proceedings of the 2019 International Conference on Information System and System Management (ISSM 2019), Rabat, Morocco.","DOI":"10.1145\/3394788.3394923"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Ferrante, A., Malek, M., Martinelli, F., Mercaldo, F., and Milosevic, J. (2017). Extinguishing Ransomware\u2014A Hybrid Approach to Android Ransomware Detection, Springer.","DOI":"10.1007\/978-3-319-75650-9_16"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Alsoghyer, S., and Almomani, I. (2020, January 4\u20135). On the Effectiveness of Application Permissions for Android Ransomware Detection. Proceedings of the 2020 6th Conference on Data Science and Machine Learning Applications (CDMA), Riyadh, Saudi Arabia.","DOI":"10.1109\/CDMA47397.2020.00022"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Alzahrani, A., Alshehri, A., Alshahrani, H., Alharthi, R., Fu, H., Liu, A., and Zhu, Y. (2018, January 3\u20135). RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform. Proceedings of the 2018 IEEE International Conference on Electro\/Information Technology (EIT), Rochester, MI, USA.","DOI":"10.1109\/EIT.2018.8500161"},{"key":"ref_38","unstructured":"Abdullah, Z., Muhadi, F.W., Saudi, M.M., Hamid, I.R.A., and Foozy, C.F.M. (2019). Advances in Intelligent Systems and Computing, Springer."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Almomani, I., AlKhayer, A., and Ahmed, M. (2021, January 6\u20137). An Efficient Machine Learning-based Approach for Android v.11 Ransomware Detection. Proceedings of the 2021 1st International Conference on Artificial Intelligence and Data Analytics (CAIDA), Riyadh, Saudi Arabia.","DOI":"10.1109\/CAIDA51941.2021.9425059"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"7035233","DOI":"10.1155\/2021\/7035233","article-title":"Dominant Feature Selection and Machine Learning-Based Hybrid Approach to Analyze Android Ransomware","volume":"2021","author":"Gera","year":"2021","journal-title":"Secur. Commun. Netw."},{"key":"ref_41","first-page":"29","article-title":"Machine Learning for Android Ransomware Detection","volume":"19","author":"Bagui","year":"2021","journal-title":"Int. J. Comput. Sci. Inf. Secur. (IJCSIS)"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"301168","DOI":"10.1016\/j.fsidi.2021.301168","article-title":"RansomDroid: Forensic analysis and detection of Android Ransomware using unsupervised machine learning technique","volume":"37","author":"Sharma","year":"2021","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Sharma, S., Krishna, C.R., and Kumar, R. (2020, January 28\u201330). Android Ransomware Detection using Machine Learning Techniques: A Comparative Analysis on GPU and CPU. Proceedings of the 2020 21st International Arab Conference on Information Technology (ACIT), Giza, Egypt.","DOI":"10.1109\/ACIT50332.2020.9300108"},{"key":"ref_44","first-page":"422","article-title":"An ensemble-based supervised machine learning framework for android ransomware detection","volume":"18","author":"Sharma","year":"2021","journal-title":"Int. Arab. J. Inf. Technol."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"57674","DOI":"10.1109\/ACCESS.2021.3071450","article-title":"Android Ransomware Detection Based on a Hybrid Evolutionary Approach in the Context of Highly Imbalanced Data","volume":"9","author":"Almomani","year":"2021","journal-title":"IEEE Access"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"128754","DOI":"10.1109\/ACCESS.2022.3227579","article-title":"Android Ransomware Detection From Traffic Analysis Using Metaheuristic Feature Selection","volume":"10","author":"Hossain","year":"2022","journal-title":"IEEE Access"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Bibi, I., Akhunzada, A., Malik, J., Ahmed, G., and Raza, M. (2019, January 21\u201322). An Effective Android Ransomware Detection Through Multi-Factor Feature Filtration and Recurrent Neural Network. Proceedings of the 2019 UK\/China Emerging Technologies (UCET), Glasgow, UK.","DOI":"10.1109\/UCET.2019.8881884"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"245","DOI":"10.21786\/bbrc\/13.14\/57","article-title":"A Detailed Review on Decision Tree and Random Forest","volume":"13","author":"Talekar","year":"2020","journal-title":"Biosci. Biotechnol. Res. Commun."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Shalev-Shwartz, S., and Ben-David, S. (2014). Understanding Machine Learning, Cambridge University Press.","DOI":"10.1017\/CBO9781107298019"},{"key":"ref_50","unstructured":"M\u00fcller, A.C., and Guido, S. (2017). Introduction to Machine Learning with Python: A Guide for Data Scientists, O\u2019Reilly."},{"key":"ref_51","unstructured":"Theobald, O. (2018). Machine Learning for Absolute Beginners, Independently Published."},{"key":"ref_52","unstructured":"Brownlee, J. (2016). Machine Learning Mastery With Python, Machine Learning Mastery."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1016\/j.engappai.2017.01.013","article-title":"Metaheuristic design of feedforward neural networks: A review of two decades of research","volume":"60","author":"Ojha","year":"2017","journal-title":"Eng. Appl. Artif. Intell."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/1\/189\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:43:34Z","timestamp":1760132614000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/1\/189"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,28]]},"references-count":53,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,1]]}},"alternative-id":["s24010189"],"URL":"https:\/\/doi.org\/10.3390\/s24010189","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12,28]]}}}