Enhancing cybersecurity against ransomware attacks using LSTM deep learning method: A case study on android devices

The rapid advancement of technology brings new threats to the digital world. One of these threats is malicious ransomware attacks. Ransomware is malicious software that demands ransom from innocent users by blocking access to information systems. Since traditional methods are limited to predefined blacklists, they may be ineffective against unknown ransomware types. On the other hand, deep learning methods offer a sensitive defense mechanism against anomalies by learning standard behavior patterns. This study studied the Internet logs of Android devices consisting of 392,034 rows and 86 columns using the Long Short-Term Memory (LSTM) model. The dataset contains 14 different Android ransomware families and harmless traffic. Data preprocessing steps include missing data management, outlier analysis, feature selection, coding operations, and data normalization/standardization. The dataset was split at 80% training 20% test ratio, and it was determined that the 80% training 20% test split had the highest accuracy. The developed LSTM-based classification model achieved successful results with a 99% accuracy rate and 0.99 F1 score.