Ransomware Detection System for Android Applications

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim’s device and requests a payment in order to recover them. The available technologies are not enough, as new ransomware employs a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community still lacks ransomware datasets. In this paper, the state of the art of Android ransomware detection approaches was investigated. A deep comparative analysis was conducted, which shed light on the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages’ calls as a leading indicator of ransomware activity, to discriminate ransomware with high accuracy before it harms the user’s device. API packages’ calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to feature reduction. Moreover, this research designed a proactive mechanism based on a high-quality, unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to sample duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps, which could be used as a labeled reference for the research community.
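The two preprocessing ideas the abstract names, removing duplicated samples and counting calls per API package, are sketched below as an added example; it is not code from the paper. It assumes the app has already been disassembled to smali, that duplicates are detected by SHA-256 of the file bytes (the abstract does not say how), and that the function names, the framework prefix list and the sample data are all hypothetical.

```python
import hashlib
import re
from collections import Counter

# Callee class of a smali invoke instruction, e.g.
# "invoke-virtual {v1, v2}, Ljavax/crypto/Cipher;->doFinal([B)[B"
INVOKE_RE = re.compile(r"^\s*invoke-[\w/]+\s+\{[^}]*\},\s+L([\w/$]+);->", re.M)

# Assumed set of framework namespaces; app-defined classes are ignored.
FRAMEWORK_PREFIXES = ("android/", "java/", "javax/")

def api_package_counts(smali_text):
    """Count invoke instructions per framework API package (class name stripped)."""
    counts = Counter()
    for cls in INVOKE_RE.findall(smali_text):
        if cls.startswith(FRAMEWORK_PREFIXES):
            counts[cls.rsplit("/", 1)[0].replace("/", ".")] += 1
    return counts

def feature_vector(counts, vocabulary):
    """Project the counts onto a fixed, ordered package vocabulary."""
    return [counts.get(pkg, 0) for pkg in vocabulary]

def deduplicate(samples):
    """Keep the first file seen for each SHA-256 digest: {digest: name}."""
    unique = {}
    for name, blob in samples:
        unique.setdefault(hashlib.sha256(blob).hexdigest(), name)
    return unique

# Constructed smali fragment, not taken from any real app.
SAMPLE_SMALI = """
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    invoke-virtual {v1, v2}, Ljavax/crypto/Cipher;->doFinal([B)[B
    invoke-virtual {v3}, Landroid/app/admin/DevicePolicyManager;->lockNow()V
    invoke-direct {p0}, Lcom/example/app/MainActivity;->helper()V
    invoke-virtual/range {v0 .. v5}, Ljava/io/File;->delete()Z
"""

# Constructed stand-ins for APK bytes; the second entry duplicates the first.
SAMPLE_APKS = [("a.apk", b"AAA"), ("a_copy.apk", b"AAA"), ("b.apk", b"BBB")]

if __name__ == "__main__":
    vocab = ["android.app.admin", "java.io", "javax.crypto", "android.telephony"]
    print(feature_vector(api_package_counts(SAMPLE_SMALI), vocab))
    print(sorted(deduplicate(SAMPLE_APKS).values()))
```

Vectors built this way over a deduplicated corpus are what a classifier would be trained on; duplicates left in the corpus can land in both the training and test splits and inflate the measured accuracy.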
