Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection

Mobile ransomware is on the rise, and effective defense against it is of utmost importance to guarantee the security of mobile users' data. Current solutions provided by antimalware vendors are signature-based and thus ineffective in removing ransomware and restoring the infected devices and files. Also, the current state-of-the-art literature offers very few solutions to effectively detect and block mobile ransomware. Starting from these considerations, we propose a hybrid method able to effectively counter ransomware. The proposed method first examines applications to be used on a device prior to their installation (static approach) and then observes their behavior at runtime and identifies whether the system is under attack (dynamic approach). To detect ransomware, the static detection method uses the frequency of opcodes, while the dynamic detection method considers CPU usage, memory usage, network usage and system call statistics. We evaluate the performance of our hybrid detection method on a dataset that contains both ransomware and legitimate applications. Additionally, we evaluate the performance of the static and dynamic stand-alone methods for comparison. Our results show that although both static and dynamic detection methods perform well in detecting ransomware, their combination in the form of a hybrid method performs best, being able to detect ransomware with 100% precision and having a false positive rate of less than 4%.
