An ensemble-based supervised machine learning framework for Android ransomware detection

With recent developments in technology, the use of smartphones to fulfill day-to-day requirements has increased. Android-based smartphones hold the largest market share among mobile operating systems. Hackers continuously target Android-based smartphones by creating malicious apps that carry ransomware functionality for monetary gain. In a ransomware attack, the hackers lock the screen and/or encrypt the documents on the victim's Android-based smartphone. Thus, in this paper, a framework is proposed in which we (1) utilize novel features of Android ransomware, (2) reduce the dimensionality of the features, (3) employ an ensemble learning model to detect Android ransomware, and (4) perform a comparative analysis to calculate the computational time required by machine learning models to detect Android ransomware. Our proposed framework can efficiently detect both locker and crypto ransomware. The experimental results reveal that the proposed framework detects Android ransomware with an accuracy of 99.67% using the Random Forest ensemble model. After reducing the dimensionality of the features with principal component analysis, the Logistic Regression model took the least time to execute: 41 milliseconds on the Graphics Processing Unit (GPU) and 50 milliseconds on the Central Processing Unit (CPU).
