Abstract
Ransomware has become one of the main cyber-threats for mobile platforms, and in particular for Android. The number of ransomware attacks is increasing exponentially, while even state-of-the-art approaches fail badly to safeguard mobile devices. The main reason is that the characteristics of ransomware and of generic malware are quite different. Current solutions produce low accuracy and high false positives in the presence of obfuscation or benign cryptographic API usage. Moreover, they are inadequate for detecting a ransomware attack in its early stages, before infection happens. In this paper, DNA-Droid, a two-layer detection framework, is proposed. It uses a dynamic analysis layer as a complementary layer on top of a static analysis layer. DNA-Droid utilizes novel features and a deep neural network to obtain a set of features with high discriminative power between ransomware and benign samples. Moreover, sequence alignment techniques are employed to profile ransomware families. This helps in detecting ransomware activity in its early stages, before the infection happens. In order to extract dynamic features, a fully automated Android sandbox was developed, which is publicly available to researchers as a web service. DNA-Droid is tested against thousands of samples. The experimental results show high precision and recall in detecting even unknown ransomware samples, while keeping the false negative rate below 1.5%.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Gharib, A., Ghorbani, A. (2017). DNA-Droid: A Real-Time Android Ransomware Detection Framework. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_14
DOI: https://doi.org/10.1007/978-3-319-64701-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64700-5
Online ISBN: 978-3-319-64701-2
eBook Packages: Computer Science, Computer Science (R0)