Detecting crypto-ransomware in IoT networks based on energy consumption footprint

An Internet of Things (IoT) architecture generally consists of a wide range of Internet-connected devices or things, such as Android devices. Devices that have more computational capabilities (e.g., storage capacities) are likely to be targeted by ransomware authors. In this paper, we present a machine-learning-based approach to detect ransomware attacks by monitoring the power consumption of Android devices. Specifically, our proposed method monitors the energy consumption patterns of different processes to distinguish ransomware from non-malicious applications. We then demonstrate that our proposed approach outperforms K-Nearest Neighbors, Neural Networks, Support Vector Machine and Random Forest in terms of accuracy rate, recall rate, precision rate and F-measure.
