<![CDATA[Android ransomware poses a major threat to cybersecurity, resulting in financial losses, data thefts, and service disruptions for mobile users. In this paper, a network traffic-based ransomware detection framework is proposed, which combines the feature selection and data augmentation approaches with machine learning and deep learning algorithms. The proposed methodology consists of data preprocessing, data normalization, class balancing, and feature reduction based on the Random Forest importance and SHAP analysis to select the most informative features. Different classification models such as Logistic Regression (LR), Decision Tree (DT), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Multi-Layer Perceptron (MLP), TabNet, Deep Neural Network (DNN), and Convolutional Neural Network (CNN) are evaluated and compared. Generative Adversarial Networks (GANs) are used to generate synthetic ransomware samples for training, to cope with class imbalance, and to enhance detection capability. The results of the experiments proved that the GAN-improved CNN model's overall accuracy is 99.5%, recall is 99.8%, precision is 99.6%, F1 score is 99.6%, and AUC is 98.9%. The results further show that feature reduction resulted in reduced time in training and testing with high detection performance. This paper emphasizes the importance of the proposed feature selection, augmentation using GAN, and deep learning approach for detecting Android ransomware. The framework proposed, however, led to decreased feature space and increased computational efficiency, but additional testing on real Android devices is still needed to confirm the claims of lightweight deployment and low resource usage.]]>
