KRDroid: Ransomware-Oriented Detector for Mobile Devices Based on Behaviors

Ransomware has become a serious threat on Android, and the number of new cases continues to grow. Most existing ransomware detectors rely on sensitive text or APIs to detect ransomware. Some goodware applications that lock the screen and encrypt files behave similarly to ransomware, and it is difficult for ransomware detectors to identify them. In this paper, we made detailed analyses of three kinds of active ransomware and proposed a behavior-based ransomware detector for Android, called KRDroid. KRDroid is deployed on servers or PCs, so ransomware cannot be activated and cause any loss during testing. Experiments showed that our ransomware-oriented detector can find 1809 of 1862 unseen ransomware samples. It can also distinguish goodware with ransomware-like behaviors from ransomware with an accuracy of 97.5%.
