Introduction

Due to the huge range of sensitive information stored both on the cloud and devices on transferring through the network, the detection of malware, specifically ransomware become a hot topic nowadays1. Hackers have been focused on making malicious mobile applications that could exploit the environment, devoid of existing standards on protection utilized by Google beforehand the developer releases the application2. A new kind of Malware like Android ransomware become an emergent one in the mobile segment. So as to protect from this application that is malicious, there is a need for an extra protection layer individually in each Android mobile device. The attack that looks like ransomware employs some stages set for infecting the system which initiates with infection and distribution of the device. This malware searches for files to infect them. It thus encrypts the files, threatens exposure, and requests ransom for affecting the sensitive data of victims for non-payment cases. The ransomware is responsible for encrypting the victim’s file from their computer in a short time so as to hijack data & ask for ransom. Typical models to discover the signature of malware do not function since the virus has consistent evolution, thus making virus action detection a challenging one. Because of this threat’s several signatures, various existing signature-based detection models are not working well for detecting Android ransomware3.

As a step to overcome those challenges, security at the cloud storage is employed and promoted by cloud providers. Cloud computing refers to a secure way for remote servers to access and store information. After that, the cloud makes it possible to access information at any cost of time over any other medium4. Several challenges confront the security of the cloud like accessing user control, interface safety, data separation, & data stored safely which identifies cloud storage providers or end users who might manage encryption & decryption. Once the user utilizes the cloud to store data and outcomes, they become vigilant. Also, data stored should be encrypted before it is transmitted to the cloud. This might enable consumers and users to access resources of the cloud that are shared securely and effectively which is offered that whole data are thus encrypted using various encryption approaches and models. The utilization of encryption models is regarded as a better means of securing data in the cloud5. Also, the detection of classification of data as malware or normal is essential before storing them on a cloud server.

A technique of cryptography is employed widely to protect public cloud data. This allows customers to access the mutual administration of the cloud in an effectual manner as whole data is protected6. The cryptography technique makes the plain text an unpredictable one which limits the view of data that are being transferred. Encryption is a better cryptographic model that does not compromise security & sensitive data’s transferring speed. The basic component of encryption is a defense-in-depth strategy as it could mitigate the weakness of the mechanism in primary access control7. If the data is encrypted with a string key, it would be intricate for attackers to decrypt them as long the information is not in a similar system as such your data. Encryption mechanism aids in preventing confidential data to fall into the wrong hands. In other words, sensitive data confidentiality is thus preserved by the process of encryption. The encryption model use includes managing encrypting keys securely and safely. Also, there are three kinds of security processes like data encryption, key generation, and decryption of data.

For cloud storage and security, there were several cryptography algorithms8, among them the most recent and effective ones Blowfish and Homomorphic ECC encryption are ensembled in this proposed work. Various researchers conducted studies to prove the efficiency of various existing cloud security approaches. The major intention of this work is to take probable benefits from the traditional computer-aided diagnosis (CAD) -aided Deep Learning (DL) model for detecting ransomware and storing data securely in the cloud.

Motivation of this research

The main motivation of this study is to define the evolution of Android malware and its types. mainly the ransomware, which targets all permissions inside Android mobile devices and encrypts all the data inside. To recover data, we are processing an advanced hybrid cryptography technique with the combination of ECC and Blowfish to secure storage data, while a deep learning model is used to detect the malware and provide data security to mobile devices. The final result of this study is to ensure the safety and privacy of information stored on mobile devices.

Methodology

  • Improve feature selection with SSO-Squirrel Search Optimization; unlike the traditional model, this one uses a metaheuristic algorithm to analyze the behavior of the ransomware with more relevant features.

  • With the use of adaptive deep saliency The AlexNet classifier’s extraction capabilities are improved, and there is better generalization of new kinds of Android ransomware data from the dataset with increased accuracy in detection.

  • To provide strong security with small keys and fast encryption, hybrid cryptography is used by combining ECC and Blowfish encryption.

  • The proposed model is to produce enhanced model evaluation with 99% accuracy in the detection of malware and effective visualization compared to the already existing traditional model in Android ransomware detection techniques.

The remaining section of this article is organized as follows: “Related works” section is the description of various traditional models employed related to cloud storage security and detection of Android ransomware. The suggested work design is described briefly in “Proposed work” section. The assessment of performance and their outcomes are projected in “Experimental results” section. Finally, the conclusions are made in “Conclusion and future works” section.

Related works

A short summary of various existing models employed before related to Android ransomware detection and cloud storage security is provided here.

The work of Benil et al.9 suggested a scheme called certificate-less Elliptical Curve Aggregate signature of cryptography for the purpose of auditing and public verification in a server of the medical cloud. It offers security in E-healthcare with the use of authorized technology blockchain. To encrypt medical data elliptic curve cryptography (ECC) was used together with the certificate-less signature aggregate scheme for producing digital signatures to share & store them in the cloud. The blockchain technique guarantees secured storage of them in a cloud server.

A framework was developed by Velmurugadass. et al.10 for checking the specific data actions and thus creates a cloud cloud-dependent software-defined network (SDN). SDN comprises of hundreds of mobile nodes, controllers based on blockchain and open flow switch, investigator, authentication server, and cloud server. Initially, registered users having AS cloud receive secret keys depending on Harmony search optimization (HSO) from AS. Using the Elliptical curve integrated encryption scheme approach, mobile nodes packets were thus encrypted and thus forwarded to a cloud server. A scheme of SHA-256 cryptographic hash algorithm was employed for preserving evidence of blockchain gathered from the signature and data of the user. The performance analysis shown performs better outcomes in terms of response time, accuracy, entire security change parameters, and enhancing throughput.

A method was presented by Thirumalai et al.11 with an effective, non-sharable public key exponent secured scheme that employs a non-linear equation of Diophantine. By this, high security was attained. Not like other schemes such as ESR, and RS, the presented model ENPKESS includes three encryption stages together with decryption in both stages. Due to this, secret key extraction was complex for resolving public components. The Knapsack model ensures higher security in the cloud system. From performance analysis, it was proven that the ENPKESS model offers higher security than other existing approaches.

A cloud-based security model was presented by Masud et al.12 for the E-healthcare system. Since, the cloud systems were scalable, inexpensive, and offered a huge access range to the patient’s health records electronically by promoting security constraints. The technique offers a secured means of port for participants thereby avoiding unlicensed users from accepting cloud storage information. With the use of the key derivation function, multiple number of keys were formed in this structure. This ensures the ciphering of information in an end-wise manner thereby preventing misuse. Depending on integration and integrity among stakeholders, access rights were provided to cloud services. This model was suited for confidentiality and data security.

A method of privacy preservation and an untraceable scheme was employed by Shen et al.13. By the design of a proximal re-encryption approach with ORAM obvious RAM in a cloud environment, multiple users were supported in data sharing. The phase of key exchange was employed among group associates and proxies in this model for acquiring keys. By the retrieved ciphertext through the proxy re-encryption phase, group members are able to control access & thus perform sharing of data securely. A binary tree model linked with a one-way circular table was thus operated to access secret data and intractability.

In Hedaia et al.14, a non-traditional scheme for authentication called Bio-CAPTCHA was employed. The presented technique offers random vice-dependent challenges of passwords that change each time dynamically when the user tries to log in, thereby ensuring the probability of unauthorized access. The major objective was to suggest such new solutions for the authentication of users dedicated to multi-level user authentication. It employs the authorization of users in a distributed framework to permit access to cloud databases & repositories.

Kavin et al.15, a hybrid framework was suggested for cloud computing security. The algorithms like AES, DAS, and stenography were emphasized in this model. By using this approach, data integrity, authenticity, and security were probable. For offering high protection, DSA, and AES were combined with steganography.

The artificial intelligence techniques were made in this model by Movassagh et al.16 for the issue related to the input coefficient. This in turn offers the demand for applications using meta-heuristic approaches. It seems to be low control in weed optimization performance in terms among typical cloud models. In the issues, of application security, open web security was identified which covers multi-tenancy, configurability, and scalability.

The author of the work Orantes Jiménez et al.17 presented a review regarding the risks related to security that signifies cloud threat as the model of service delivery nature such as Hill, Vernan encryption, Vignere, Rail fence cipher, proxy re-encryption, and Playfair. The significant thing regarding the algorithm of cryptography was the security of data. The advantages cover flexibility, cost saving, scalability, reliability, manageability, backup, recovery, and mobility. The issues include data integrity, confidentiality, malicious insiders, and transmission of data.

In a model proposed by Ogiela18, a new approach was presented for creating a multilevel advanced authentication protocol using hybrid CAPTCHA codes. Such a code may define a new cognitive class of CAPTCHA that requires special skills and knowledge from a user at the time of the verification process offering proper authentication. The main objective was to define how various graph formalities and linguistics might be employed to secure data division and management. The structure of the graph represents huge probabilities of application in the area of cloud computing. The suggested model was integrated with the DL approach for classifying complex patterns.

In Jabbar and Bhaya19, a technique to place among cloud and user based on two stages was presented. The first one protects the cloud from various kinds of network attacks thus detecting abnormal and normal flow. The next one is classifying data user thereby encrypting them depending on their significance with the use of various encryption approaches. Also, the algorithm used was advanced encryption standard (AES), triple data encryption (3DES), & rivest cipher (RC4), for classified data encryption consistent with the significance that might be kept in the cloud in a secured manner.

A novel model to enhance data security was presented by Mohd et al.20 by means of a mutual authentication that combines hybrid cryptography assets and DL model power to offer adaptable and robust solutions to secure data in the cloud. One such main intention of this model was to pre-trained CNN. The secured means of communication among involved parties thereby combining cryptography with faster time of execution. Analysis reveals that the hybrid model offers enhanced security than other models. Highlights of different traditional models are illustrated in Table 1.

Table 1 Related work highlights on different traditional models.
Full size table

Proposed work

A thorough explanation of the suggested design is described in this section. Primarily, the input APK files/ data are preprocessed to extract features. The selection of optimal features is supported out by means of the Squirrel search optimization (SSO) process. After that, the DL-based model-Adaptive deep saliency AlexNet classifier is presented to detect and classify data as malicious or normal ones. The detected data which are not malicious are stored in a cloud server. For secured storage of data in the cloud, the hybrid cryptographic model (Hybrid Homomorphic ECC & Blowfish) is employed which includes key computation and key generation process. The cryptographic scheme includes encryption and decryption of data after which the app response is found to attain a decrypted result upon user request. The illustration of the whole manuscript workingflow is shown in Fig. 1.

Fig. 1
figure 1

Schematic flow of suggested design.

Full size image

Experimental setup

The evaluation setup of the proposed system is expressed here by taking the online available dataset as https://github.com/harrypro02/Android-Malware-Permission-Based-Dataset’, and maldroid-2020, which may consist of different permissions for Android malware identification on mobile devices with different parameters such as storage, image, opcode, system call, and all permissions inside the mobile device. Then the preprocessing is handled with the model to train the DL model from the available dataset. To get the desired result, the dataset may consist of 15,000 entries in 5 rows and 1204 columns with malware data, and the normal dataset is preprocessed into the training model. After training, feature extraction is done with the SSO optimization algorithm to improve model performance with an efficient learning rate of 0.01 and L2 regularization to overcome the loss after feature extraction. Cryptographic key management is processed with homomorphic ECC and Blowfish encryption to ensure security is maintained throughout the process of decrypting the affected data processed by the ransomware. After encryption, model performance is analyzed with 50 epochs of training and 80/20 testing using adaptive deep saliency. AlexNet is configured with a dense layer and an Adam optimizer with a Relu activation function to capture Android malware with high accuracy compared with other traditional deep learning models available. Finally, this model ensures the combined deep learning and cryptographic methods work very well in detecting Android malware with high accuracy, and the scientific design of the proposed model is expressed in the below sections.

Input data cleaning

At first, the input data (application to be installed) is taken and preprocessed to remove redundant and unnecessary data. The preprocessing in this model aims to evaluate the capability to protect against the embedded ransomware code in Android apps. To attain this, a special key for preprocessing the bytecodes from Android apps is used and exploited as a structure. A hybrid cryptography model was employed to determine significant features for the finding of Android malware. Before employing the detection algorithm, preprocessing is carried out for a dataset index format. This approach takes care of converting the process of dex files to a suitable APK format. This in turn includes dex-file compiling as a setup that adapts to APK. For maintaining the designing compatibility of mobile devices, modules from JVM of Omni Rom (OR) to this transformation are employed. After the completion of the conversion process, the model analyses the text segment of every APK file to extract opcode instructions. This model includes model creation for detecting ransomware and for securing cloud server data which follows the entire crypto-code. The APK image was taken for each application and thus extracts the respective bytecode from the segment of .apk. the model calculates the data occurrence and thereby sends them to the process of feature extraction.

Feature extraction & SSO (squirrel search optimization) optimization-based selection

The classification of malware depending on grey-scale image extraction is a new approach. This has proved to be an effective tool for static analysis. It is the image that is expressed in grey color. According to the logarithmic relationship, the brightness from white to black color is thus divided into 256 grades. Various physical data from graphs could cause a respective difference in greyscale, and textures which confirms the reflection in the visual field. For exploiting the malware texture difference, an interactive disassembler was employed first (IDA) for attaining binary files into smaller units each one of them comprises of eight bits and is thus converted to unsigned integer format in a range 0–255. In a grey-scale image, 0 and 255 signify white and black correspondingly. At last, the file transformed is thus mapped to a matrix termed ‘grey scale matrix’. The matrix width is typically initialized to 2n. In this model, n is equal to 8. Moreover, the matrix is adopted to feature expression. So as to adopt this, the grey-scale matrix is thus mapped as a one-dimensional vector termed ‘grey scale vector’.

The features extracted are then subjected to an optimal selection of features so as to select optimal ones. The algorithm of SSO updates the position of the individuals as per the present season, the kind of individuals, and the predator’s appearance.

Initialization of population: Assume \(\mathcal{N}\) as the number of individuals, and \({SS}_{U}\) and \({SS}_{L}\) are the bounds of exploration space. As per the formula, the individuals are produced randomly in Eq. (1):

$$SS_{I} = SS_{L} + {\mathcal{R}}\left( {1,D} \right) \times \left( {SS_{U} - SS_{L} } \right)$$
(1)

\({SS}_{I}\) signifies ith specific \(\left(i=1,\dots ,\mathcal{N}\right)\), \(\mathcal{R}\) signifies the random number among 0 to 1 & D denotes the problem dimension.

Population classification

On taking the minimization issue into consideration, SSO needs one squirrel at every tree, whereas assuming the total number of squirrels are \(\mathcal{N}\). The population’s fitness function is thereby ranked in an ascending order. The squirrels are segregated into 3 kinds: Squirrels located at hickory trees \({S}_{H}\), squirrels at acorn trees \({S}_{A}\) and squirrels at normal trees \({S}_{N}\). To find the finest food cause, the terminus of \({S}_{A}\) is \({S}_{H}\) and terminus of \({S}_{N}\) is determined randomly as whichever \({S}_{H}\) or \({S}_{A}\).

Position updation

The squirrel’s position is thus updated in Eqs. (2 and 3).

$$\left\{ {\begin{array}{*{20}l} {SS_{I}^{t + 1} = SS_{I}^{t} + {\mathcal{G}} \times {\mathcal{C}} \times \left( {SS_{H}^{t} - SS_{I}^{t} } \right)} \hfill & {if\;{\mathcal{R}} > {\mathcal{P}}_{AP} } \hfill \\ {random\;location} \hfill & {Otherwise} \hfill \\ \end{array} } \right.$$
(2)
$$\left\{ {\begin{array}{*{20}l} {SS_{I}^{t + 1} = SS_{I}^{t} + {\mathcal{G}} \times {\mathcal{C}} \times \left( {S_{AI}^{t} - SS_{I}^{t} } \right) } \hfill & {if\;{\mathcal{R}} > {\mathcal{P}}_{AP} } \hfill \\ {random\;location} \hfill & {Otherwise} \hfill \\ \end{array} } \right.$$
(3)

\({\mathcal{R}}\) designates a random number & ‘t’ signifies the current iteration. \({\mathcal{P}}_{AP}\) denotes the probability of hunter arrival whose rate is 0.1. If \(\mathcal{R}>{\mathcal{P}}_{AP}\), then there will be predator absence & the squirrel slides into the forest for food. \(\mathcal{R}\le {\mathcal{P}}_{AP}\), the hunters might appear & squirrels have to decrease the activities of food forage since they are at risk. At that time, the squirrel’s positions are randomly relocated. \({\mathcal{C}}\) specifies the constant of value 1.9 & \(\mathcal{G}\) signifies gliding distance. \({S}_{AI}^{t}\) denotes randomly selected individual squirrels from \({S}_{A}.\) Gliding distance is considered as in Eq. (4)

$${\mathcal{G}} = \frac{{{\mathcal{G}}_{H} }}{{\tan \left( \theta \right) \times {\mathcal{S}}}}$$
(4)

\({\mathcal{G}}_{H}\) denotes the persistent whose value is 8 & \(\mathcal{S}\) is the relentless of value 18. \(tan\left(\theta \right)\) signifies the sailing angle. Once the number of iterations exceeds the extreme amount of iterations, the individual’s movement is stopped. Or else, the above steps get repeated.

Adaptive deep saliency AlexNet classifier

Once the selection of features is made, the mechanism of classification is employed so as to recognize the attacks. In this effort, the organization approach is the final stage of the detection mechanism. The detection should be made before the security mechanism. For the classification process, adaptive deep saliency AlexNet classifier is employed to classify the data as malignancy or benignity labels. The dataset is subdivided into 2 stages for estimating the regions to test and train. This phase covers dataset vector training with its respective classes, whereas the output identifies whether the input image is mild or fatal. This classifier model is trained and tested with the kernel function of RBF to attain a better outcome.

The suggested Adaptive deep saliency AlexNet classifier model detects whether the data is malicious or not. The data in the words before step t of CNN architecture is too employed as the input at the time of word processing of step t. The early cell data are gathered from cells and words are thus given as inputs. The little references sense the repeated image over one cell. The cell sequence of architecture is another reference. The amount of text presented in each example of data does not turn out to be a specific value of natural language processing issues. For executing each text, the dimensions of the arrangements were reduced to value. Once the value of the arrangement is less than the desired value, the sequence is thus filled as a value. Once the sequence size exceeds the mentioned value, the remaining are rejected.

The AlexNet CNN model comprises 5 layers of convolution, two fully connected layers that are connected completely, and one recurrent layer. The layers of CNN were employed for learning middle-level patterns of visual similar to the first 5 popular layers of AlexNet seven layer. The layer of RNN is employed for learning the dependency of space among visual patterns of the middle layer. In both final, layers, 2 fully connected RNN outputs were gathered and the representation of a global image was learned. The classification of the SoftMax layer should be applied subsequently to N-way (N signifies the class number).

Algorithm 1
figure a

Adaptive deep saliency AlexNet classifier.

Full size image

Once the data is classified as attack or normal, then the normal data is stored in a cloud server. From the cloud server, the data should be encrypted with a key so as to enable secured means of cloud storage. For the secured storing in the cloud, the computation of key or key generation is carried out followed by a hybrid cryptographic approach to enable encryption and decryption process. This is explained in subsequent sections.

Computation of key using K-Centers Diffie-Hellman (KC-DH)

For the secured means of storage in cloud, the data should be encrypted and protected with key. For key computation, the approach of K-centers Diffe-Hellman (KC-DH) is employed at which the generation of key is carried to share private key with which they could change data over insecure channel. However, the private key is not unique which generates each and every data sharing transaction at private key must be random. The algorithm for this key computation approach is shown below:

Algorithm 2
figure b

KC-DH protocol for key computation.

Full size image

This is the discrete logarithm issue, which is infeasible computationally for larger p. The computation of discrete number logarithm modulo p takes a similar amount roughly the same time of amount since factoring the two prime products as similar as p, which is what the RSA cryptosystem security lies on. Therefore, this protocol ECC-DH is secured roughly as RSA.

Hybrid cryptography using Homomorphic ECC & Blowfish approach

The hybrid homomorphic ECC and blowfish-dependent cryptographic scheme was suggested in this model which the multilevel encryption to exchange data between server and client in a model of public SaaS. It is primordial to preserve confidentiality before outsourcing or sending information in both directions from the client to the cloud & vice versa. Consequently, unauthorized access by non-allowed users might be secured to prohibit security constraint threats that are coming from intruders. This hybrid model is offered in which the cloud server data uploaded is therefore encrypted using a blowfish strategy to enhance the aspect of security thus preserving data privacy. Yet, for high protection, keys used in the encryption process are handled therefore and encrypted by the ECC approach. This hybrid model not only guarantees integrity & confidentiality but also offers authenticity. The suggested model utilizes two kinds of cryptography approaches which are a symmetric approach (blowfish) and an asymmetric algorithm (ECC). Therefore, this model of hybrid model integrates two approaches to benefit the encryption process. The blowfish approach or symmetric model is thus employed to encrypt data that is kept in the cloud. Thus, the decryption process is a reverse one carried out in data outsourcing. The asymmetric model is ECC & thus employed in the management & encryption of encrypting keys. The integrity of homomorphic ECC and Blowfish scheme processes enhances security in mobile environments where ECC processes have strong security with small key sizes compared to traditional models such as RSA. The 128-bit key of ECC offers the same security level as the 1024-bit key of RSA. Similarly, Blowfish is familiar for its speed and efficiency in a small, less resource-constrained environment like Android with 64-bit blocks for data encryption. Combining these two schemes improves confidentiality and is valuable for mobile environments without exposing all data inside the service provider. With this option, hybrid cryptography is more efficient than using AES and other traditional methods. The proposed homomorphic ECC and Blowfish scheme has the ability to perform computation by improving security enhancement, where the information inside the mobile data remains protected even during processing compared with traditional security schemes.

The approach aims to protect data that are exchanged between server and client in SaaS. Hence, the process of encryption is thereby performed at data which is to be updated by the client beforehand this is transferred to a server. The reverse process is employed on a client before this is sent to the server. The reversing process is employed on downloading data, therefore client decrypts data downloaded from server which are from server that could be able to employed. Hence, the functioning of the system is thus mentioned below.

Data uploading

Data is encrypted from plain to cipher text before uploading by means of the blowfish approach. After that, encryption keys are thus encrypted by the ECC algorithm. Finally, both encrypted files & generated secret keys were sent to a cloud server in the form of cipher text.

Data downloading

The reverse process was carried out on downloading data. At first, an encryption key is thus decrypted using the ECC approach. Then, the generated key is employed to decrypt data using the blowfish approach. Thereby plain text is effectively recovered. In this way, unauthorized users could not employ files as it is in a secure manner, hence they are not competent to access them without using decryption. The multilayer encryption uses blowfish as the initial layer & ECC in the next layer which is blowfish on input text after which the encryption outcome attained is delivered to the next layer at which the encrypted blowfish keys are encrypted through ECC. The final encryption output is achieved. For the understanding purpose, a few variables &v some functions list is given by \(Fb, E(b,k), P(F), Ek,\) & \(Pk\) which are employed in the suggested approach as given below:

Alone the encryption algorithm offered as a decryption approach is nothing but the reverse process of this is as follows:

Algorithm 3
figure c

Hybrid Homomorphic ECC & Blowfish Approach.

Full size image

In this, \(D\) is the input data file, the encrypted file is E, and N signifies the number of blocks in \(D\), \(E(b,k)\) signifies the encryption function that encodes \(text blocks(b)\) laterally with \(k key\) using projected \(IABE-PPKGC\) system. The P(F) function might allow (Fe) encrypted files to be sent them in a cloud server. The \(Ek\) function therefore encodes blowfish key with the use of \(ECC\) system. \(Pk\) signifies the function that permits encrypted key \((K1)\) which are produced by means of \(Ek\) in a cloud server.

The mathematical equation of the proposed Hybrid Cryptography is mentioned below, Elliptic curve cryptography has key generation, key exchange, and symmetric key derivation as follows.

  1. (i)

    Private key-PK, Public Key-PuK, where private key select integer in the range of (1, n-1) where n is the order in base point ECP-Elliptic Curve Point, then PuK is computed in Eq. (5)

    $$PuK=PK.ECP$$
    (5)
  2. (ii)

    Now key exchange is processed with a shared secret key as SK, then SK is computed in Eq. (6)

    $$SK=P{K}_{1}Pu{K}_{2}=P{K}_{1}\left(P{K}_{2}ECP\right)=P{K}_{2}\left(P{K}_{1}ECP\right)=P{K}_{2}Pu{K}_{1}$$
    (6)
  3. (iii)

    Now the symmetric key derivation is derived using secret key SK and Symmetric Key as SyK using a Key creation Function as KCF expressed in Eq. (7)

    $$SyK=KCF(SK)$$
    (7)
  4. (iv)

    Blowfish has divided into two parts to make smaller keys for both encryption and decryption to solve computational overhead where P is for Plaintext and C for Ciphertext. The encryption and decryption process started with block size as b and i for data that is too processed is expressed in Eq. (8)

    $${C}_{i}=Blowfis{h}_{SyK}({P}_{i})$$
    (8)
    $${P}_{i}=Blowfis{h}_{SyK}-1({C}_{i})$$
    (9)
  5. (v)

    The final output is to be processed by getting the concatenation of all decrypted blocks to recover data from the Android ransomware encrypted data as output expressed as P Plaintext in Eq. (10)

    $$P = P_{1} \left| {\left| {P_{2} } \right|} \right|..||P_{n}$$
    (10)

The main focus of this research is to enhance the deep learning model with the SSO algorithm to optimize the significant pattern of the Android malware, whether it is vulnerable or normal data, with improved classification accuracy and powerful feature extraction using saliency. AlexNet for better generalization over traditional deep learning models Finally, hybrid cryptography uses high security on Android devices by using smaller key sizes and blowfish integration, making it a fast cryptographic model to achieve integrity and minimize computational overhead in a cloud environment where all information is stored34.

Experimental results

The analysis of performance on the proposed system is carried and the evaluated outcomes attained are compared with traditional models to compare the efficacy of the proposed design with existing approaches26,27,28. The analysis is carried out for both detection mechanisms and security constraints29.

Confusion matrix of the proposed model

It is a table that defines the evaluated concert of the classification algorithm to detect the actual and predicted classes to define the accuracy of the model it has True Positive (TP), True Negative (TN), False Positive (FP), and False Negative (FN). The representation of the Confusion Matrix is shown in Fig. 2.

Fig. 2
figure 2

Confusion Matrix of the proposed model.

Full size image

Evaluation results

The precision is computed by Eq. (11):

$$Precision=\frac{TP}{TP+FP}$$
(11)

The accuracy is computed by Eq. (12):

$$Accuracy=\frac{TP+TN}{TP+TN+FP+FN}$$
(12)

Recall is Computed by Eq. (13):

$$Recall=\frac{TP}{TP+FN}$$
(13)

F1-score is Computed by Eq. (14):

$$F1-score=\frac{(2*TP)}{(2*TP+FN+FP)}$$
(14)

Comparative analysis of deep learning model to detect ransomware

The comparative analysis of the proposed and existing model26 is made and the outcomes attained are provided here. Table 2 is the comparison made for the train/test split of the suggested strategy in terms of accuracy, precision, recall, and F1-score. Also, the graphical representation of this is shown in Fig. 3.

Table 2 Comparison of the training model of the proposed scheme.
Full size table
Fig. 3
figure 3

Comparison of train/test split of the proposed model.

Full size image

Table 3 denotes the comparative estimation of prediction time and training time for the training/testing split of the suggested scheme. Also, the graphical representation of this is shown in Fig. 4.

Table 3 Analysis of training time and prediction time for the proposed model.
Full size table
Fig. 4
figure 4

Comparative analysis of training time and prediction time for the proposed model.

Full size image

In Table 3 the analysis proves that the proposed model is effective in all metrics on comparing existing models. The graphic illustration of this is shown in Fig. 5. The proposed model comparative analysis with existing models is listed in Table 4.36,37.

Fig. 5
figure 5

Proposed model comparative analysis with existing models.

Full size image
Table 4 Proposed model comparative analysis with existing models.
Full size table

Table 5 shows the proposed model comparisons made for proposed and various existing schemes in terms of training time. The analysis proves that the proposed model is effective in comparing existing models38,39.

Table 5 Proposed model comparative analysis with existing models.
Full size table

Figure 6 is the proposed model comparisons made for the proposed and various existing schemes in terms of training time. The analysis proves that the proposed model is effective in comparing existing models 40.

Fig. 6
figure 6

Proposed model comparative analysis with existing models.

Full size image

Thus, from the analysis, it was obvious that the detection mechanism of the proposed scheme is more effective than others compared to existing models41.

Comparative analysis of security storage from cloud data

The hybrid cryptographic model proposed is analyzed and outcomes are compared with traditional models27,28 to validate the proposed system effectiveness.

Table 6 is the proposed model security constraint comparisons made for the proposed and various existing schemes in terms of key generation time, key pairing time, and accuracy of the cryptography approach. The analysis proves that the projected (SSO-AlexNet-based Hybrid cryptography) model is effective in comparing existing models27,30,42.

Table 6 Comparison of proposed with existing methods.
Full size table

In Table 6, a performance comparison of key generation time, key pairing time & accuracy value is made. From the outcomes, it was clearly shown that the proposed method offers lower time for key generation and key pairing with a high rate of accuracy on comparing traditional methods.

Thus, the proposed method is highly secure in comparing existing methods31,43.

Figure 7 is the performance comparison of accuracy value is made. From the outcomes, it was clearly shown that the proposed method offers lower time for key generation and key pairing with a high rate of accuracy on comparing traditional methods. Thus, the proposed method is highly secure in comparing existing methods44.

Fig. 7
figure 7

Comparative analysis of accuracy security mechanism.

Full size image

Table 7 shows the comparisons made for block generation analysis and computational time. The proposed shows better outcomes than other existing models27,45.

Table 7 Comparative estimation of Computational time and block generation analysis.
Full size table

From Table 8, it demonstrates that the time engaged is 1.5 days and the entire computational charge is assessed as 246 bytes. The computation charge is extreme and the time engaged is reduced associated with the prevailing studies27,32.

Table 8 Time delay comparison.
Full size table

Table 9 shows the comparisons made for encryption time for proposed and various traditional models in terms of time, size of secure key, security, and accuracy which reveals that the proposed method is better in offering lower encryption time with a high level of security27,33,49,50.

Table 9 Comparative estimation of Encryption time.
Full size table

Figure 8 defines the final IDE output.

Fig. 8
figure 8

IDE Output of the proposed model.

Full size image

Table 10 signifies the overall performance accuracy made for various existing techniques and proposed models. The overall accuracy of this proposed design is enhanced than others. Figure 9 is the representation of this in graphical form51,52.

Table 10 Overall performance accuracy.
Full size table
Fig. 9
figure 9

Overall performance accuracy.

Full size image

Henceforth, from the above evaluations of the proposed approach, the challenges observed were the computational complexity of the hybrid cryptography approach for mobile devices as a resource-constrained environment, but attaining confidentiality in the data requires process optimization to achieve efficiency without compromising security. Secondly, the challenges we face are in the representation of training data, where bias happens during the generalization of data. This challenge is overcome with SSO optimization with a data analysis function to monitor imbalanced data, and enhancement of detection accuracy is improved with the AlexNet DL model. From the analysis, it was obvious that the proposed model is better and offers an enhanced outcome than other existing models.

Conclusion and future works

In this study, the proposed deep learning model to detect the data that is targeted by the Android malware, which processes the active structures such as permissions, opcodes, APIs, and system calls for the detection operation. To extract all the information related to the Android ransomware, we are using a DL-based model called adaptive deep security. An AlexNet classifier was employed to detect and classify data as malicious or not. Subsequently, for secured storage of data in the mobile cloud, the hybrid homomorphic ECC and Blowfish cryptographic scheme was employed, which includes key computation and key generation processes. The cryptographic scheme includes encryption and decryption of data, after which the app response was found to attain a decrypted result upon user request, where opcodes are analyzed with low computational overhead with the SSO optimization algorithm. The result of this experiment demonstrates that the detection accuracy is in the range of 99.89%, which outperforms the normal traditional Android malware detection model.

In the future, the same model is to be tested further with more new datasets related to Android malware and opcodes that are analyzed with different sequences to analyze the family of ransomware, and the type of cryptography algorithm is to be analyzed in the near future by adding an additional tuning layer to the proposed model and getting superior results by comparing it with the hybrid cryptography algorithm fused with the deep learning model. This work might be extended by adding re-encryption and secured transmission of data with quality-dependent coding in different domains such as healthcare and finance, which are implications for future research in mobile environments.