This research introduces a novel method for predicting Android ransomware attacks using categorical classification techniques. By analyzing features extracted from Android applications, the model effectively identifies malicious behavior, providing a proactive defense against ransomware threats on mobile devices. Enhancing security and ensuring a safer mobile ecosystem.

1. PREDICT ANDROID
RANSOMWARE ATTACK
USING CATEGORICAL
CLASSIFICATION
MENTOR: Dr. N. Ramshankar B. Tech, M.E., Phd
TEAM MEMBERS:
Likhitha L(111520104083)
Mrudhula K (111520104067)
Lahari Sai P(111520104082)

2. ABSTRACT
Android ransomware has become a
significant cybersecurity threat, posing
serious risks to mobile devices and users'
data. This research presents an approach
for predicting Android ransomware attacks
using categorical classification techniques.
The research findings demonstrate the
efficacy of the proposed approach in
predicting Android ransomware attacks
with high accuracy.

3. LITERATURE SURVEY
3/28/2024
Author Title Methodology
Manuela Horduna1 , Simona-Maria
and Emil Simion2
A note on machine learning applied in
ransomware detection
Year: 2022
Briefly present the most important
events in terms of ransomware attacks,
providing details about the ransoms
demanded.
Mazen Gazzan 1,2 and Frederick T.
Sheldon 1
Opportunities for Early Detection and
Prediction of Ransomware Attacks
against Industrial Control Systems. Year:
2022
Discuss the need for a multi-disciplinary
approach that involves a close
collaboration between the cybersecurity
and ICS communities
Qingyuan Gong, Yushan Liu, Jiayun
Zhang, Yang Chen
Detecting Malicious Accounts in Online
Developer Communities Using Deep
Learning. Year : 2021
Proposed GitSec, a deep learning-based
solution for detecting malicious
accounts in online developer
communities.
Kateryna Chumachenko Machine Learning Methods for Malware
Detections and Classification. Year: 2017
Determine the best feature extraction,
feature representation, and
classification methods that result in the
best accuracy when used
Shubham Shakya1 and Mayank
Dave2
Analysis, Detection, and Classification of
Android Malware using System Calls.
Year: 2020
Detecting android malware using
System calls.

4. EXISTING SYSTEM
• The authors introduce MSDROID, an innovative Android malware detection system that addresses two
critical challenges faced in the field: robustness in real-world scenarios and the need for interpretable
explanations. The system takes inspiration from common practices of security analysts by filtering APIs and
focusing on local snippets surrounding sensitive APIs, rather than analyzing the entire program.
• Each snippet is represented as a graph, incorporating both code attributes and domain knowledge, which is
then classified using a Graph Neural Network (GNN). This local perspective allows the GNN classifier to
concentrate on code segments highly correlated with malicious behaviors, enhancing the system's
robustness. Moreover, the information contained in the graphs contributes to a better understanding of
the behaviors, making MSDROID more interpretable in nature.
• The efficacy of MSDROID is extensively evaluated through a comprehensive comparison with five baseline
methods on a dataset of more than 81K apps in various real-world scenarios, including zero-day, evolution,
and obfuscation. The experimental results demonstrate that MSDROID excels in robustness, outperforming
state of-the-art systems in all cases, with a notable advantage of 5.37% to 49.52% in F1-score. Additionally,
the article showcases that the provided explanations are effective in facilitating malware analysis, enabling
experts to gain valuable insights into the detection decisions and behavior correlations.
• MSDROID represents a significant advancement in Android malware detection, offering improved robustness
and interpretability, which are crucial for addressing the ever-evolving landscape of cybersecurity threats in
the mobile ecosystem.
4

5. PROPOSED SYSTEM
• The proposed system aims to predict Android ransomware attacks using categorical classification techniques.
To achieve this, a diverse dataset of Android applications, encompassing both benign and ransomware
samples, is collected. Relevant features, including permissions, API calls, and other attributes, are extracted
from each app.
• Categorical classification algorithms, such as Bernoulli naive bayes, Random forest Algorithm, Xgboost
Algorithm, are employed to train the model to predict whether an application is benign or contains
ransomware. The performance of the model is thoroughly evaluated using accuracy, precision, recall, F1-
score, and confusion matrix metrics.
• Once the model demonstrates satisfactory performance, it is integrated into an Android application or
system, enabling real-time scanning and prediction of ransomware attacks. Throughout the development
process, utmost attention is given to ethical practices and security considerations to handle potential risks
associated with malware detection projects.
• Ultimately, the proposed system contributes to enhancing mobile security by providing an effective means of
detecting and preventing Android ransomware attacks.
5

6. SOFTWARE REQUIREMENTS:
• Operating System : Windows
• Tool: Anaconda with Jupyter Notebook
• Processor: Intel
PROGRAMMING LANGUAGES
AND LIBRARIES:
• Python
• django
• Sklearn and NumPy
• Pandas and Matplotlib
• PyCharm, VSCode

7. FLOW DIAGRAM
7

8. List Of Modules:
8
1. Data Collection Module
2. Data Preprocessing Module
3. Data Analysis Module
4. Data Classification Module
5. Model Evaluation Module
6. User Interaction Module

9. List Of Modules:
9
1. Data Collection Module
2. Data Preprocessing Module
3. Data Analysis Module
4. Data Classification Module
5. Model Evaluation Module
6. User Interaction Module

10. Module Explanation
10
Data Collection Module​:
Collected malware related text dataset .This Dataset contains 10000 records.
It is classified into 2 classes.
1. Malware
2. Benign
Data Preprocessing Module:
This module involves importing the dataset, processing it using libraries like Pandas and
NumPy, and performing data cleaning tasks such as handling missing values, removing
duplicates, and transforming the data into a suitable format for analysis.

11. Data Analysis Module:
In this phase, exploratory data analysis techniques are employed to understand the
characteristics of the dataset. This includes examining summary statistics, data distributions,
correlations between variables.
Visualization: Visualizations are created to represent the data in a graphical form, making it
easier to interpret and derive insights. Graphs such as Pie Charts and Bar Graphs are used to
visualize categorical data and distributions, while other types of plots like scatter plots or heatmaps
may be used for exploring relationships between variables.
Data Classification Module:
This module focuses on classifying the data into benign and malware categories. Various
classification algorithms like Naive Bayes (BNB)algorithm, XG Boost algorithm, and Random
Forest algorithm are implemented and trained on the dataset.
11

12. Model Evaluation Module:
After training the classification models, this module evaluates their performance using
evaluation metrics such as precision, recall, F1 score, and support values. The dataset is split into
training and testing sets (80% for training, 20% for testing) to assess the models' accuracy and
generalization ability.
User Interaction Module
An interface is developed to allow users to interact with the trained models. Users can input
data related to an Android system and receive predictions on whether it is likely to have malware.
The interface provides a user-friendly experience for accessing the predictive functionality of the
models.
12

13. Output and Demo
13

15. THANK YOU