ABSTRACT
Ransomware has become a serious and concrete threat for mobile platforms, and in particular for Android. In this paper, we propose R-PackDroid, a machine learning system for the detection of Android ransomware. Unlike previous work, we leverage information extracted from system API packages, which allows us to characterize applications without specific knowledge of user-defined content such as the application language or strings. Results attained on very recent data show that it is possible to detect Android ransomware and to distinguish it from generic malware with very high accuracy. Moreover, we used R-PackDroid to flag applications that were detected as ransomware with very low confidence by the VirusTotal service. In this way, we were able to correctly distinguish true ransomware from false positives, thus providing valuable help for the analysis of these malicious applications.
Index Terms
- R-PackDroid: API package-based characterization and detection of mobile ransomware