Leveraging application permissions and network traffic attributes for Android ransomware detection
Journal of Network and Computer Applications (IF 7.7), Pub Date: 2024-06-26, DOI: 10.1016/j.jnca.2024.103950
Sekione Reward Jeremiah, Haotian Chen, Stefanos Gritzalis, Jong Hyuk Park

The increase in ransomware threats targeting Android devices necessitates the development of advanced techniques to strengthen the effectiveness of detection and prevention methods. Existing studies use Machine Learning (ML) techniques to detect and classify ransomware attacks; however, the ransomware landscape's rapid evolution hinders the effectiveness of these approaches. Moreover, the potential of Deep Reinforcement Learning (DRL) for this purpose remains unexplored. This study investigates the application of various DRL models for Android ransomware detection, leveraging permissions and network traffic attributes-labeled datasets. The paper provides a detailed explanation of implementing supervised learning within a DRL context. Secondly, the challenge of devising a reward function in Android ransomware detection is addressed, given the lack of an automated method for Android ransomware identification. The conventional DRL framework, which relies on the agent's interaction with a real-time environment, is conceptually modified in a new approach. We exhaustively tested the efficiency and accuracy of DRL-based models against other ML techniques, and results show that the A2C model has a better comparable detection performance than other DRL and ML models. Moreover, when DRL models are implemented with minor parameter modifications, they expedite and improve Android ransomware detection's speed, efficiency, and accuracy relative to existing ML strategies.

Updated: 2024-06-26