Abstract
Android ransomware has become a major threat to mobile device security, causing serious issues through attacks that encrypt user data and demand ransoms. Traditional methods used to detect ransomware often face problems due to the imbalance of data and limited ransomware samples, which reduce their effectiveness against new and evolving threats. To overcome these challenges, our research explores using Generative Adversarial Networks (GANs) to create synthetic data, aiming to boost the accuracy of ransomware detection systems. We tested three GAN methods—Conditional CTGAN, Unconditional CTGAN, and CopulaGAN—to generate synthetic ransomware data based on dynamic features such as memory usage, API calls, network traffic, and system logs.Our findings show that GAN-generated data significantly improves the performance of ransomware detection by effectively reducing class imbalance. Among the GAN variants we tested, Conditional CTGAN performed the best, achieving the highest accuracy, precision, recall, and F1-scores in identifying ransomware compared to normal apps. Additionally, using Explainable AI methods like SHAP analysis helped us understand which features were most important, confirming that our synthetic data closely resembled real ransomware behaviors. This research demonstrates that GANs, especially Conditional CTGAN, can provide practical improvements for Android ransomware detection, strengthening overall cybersecurity.
| Date of Award | 13 May 2025 |
|---|---|
| Original language | American English |
| Supervisor | Chan Yeun (Supervisor) |
Keywords
- Malware
- Ransomware
- GAN
- Deep Learning
- Android