Enhancing RansomwareElite App for Detection of Ransomware in Android Applications

2018 Eleventh International Conference on Contemporary Computing (IC3) Pub Date : 2018-08-01 DOI:10.1109/IC3.2018.8530614

Shivangi, Gautam Sharma, Anubhav Johri, Akshita, Anurag Goel, Anuradha Gupta

{"title":"Enhancing RansomwareElite App for Detection of Ransomware in Android Applications","authors":"Shivangi, Gautam Sharma, Anubhav Johri, Akshita, Anurag Goel, Anuradha Gupta","doi":"10.1109/IC3.2018.8530614","DOIUrl":null,"url":null,"abstract":"As the number of android applications (apps) available in the market are increasing rapidly, various types of security attacks using the android apps are also increasing with the same pace. The ransomware attack is one of these kind of security attacks in which the attackers locks the user's phone, encrypts user's data or blocks the user's access to their own data and threatens the user to pay a ransom to gain the access back. This cyber-threat is terrorizing the world from many years as it performs mimicry attacks i. e. combination of encryption & locking attacks. Android devices are more prone to these ransomware attacks compared to Windows and IOS devices. RansomwareElite is an android application which detects the presence of ransomware in the apps installed on an android device by checking the presence of any threatening text in app code or by verifying the permissions requested by the app from the user. In this paper, we focused on improving the performance of RansomwareElite app by extending its features. Now, the RansomwareElite app also searches the presence of any threatening image or file containing threatening text by analyzing the Android Package Kit(APK) file of android app. Moreover, it also detects some specific methods and classes in the code of the APK which could be used for locking the device and checks some specific permissions requested, for uninstalled apps now. Further, it maintains a database on the online server for the records of all the suspicious and ransomware apps detected by RansomwareElite. We have tested RansomwareElite with 9 Test Apps which are manually created based on the features of ransomware family and on 48 android devices. After analyzing the test results, we have found that the performance of RansomwareElite is improved after incorporating the new features and RansomwareElite app detects the presence of ransomware in installed as well as uninstalled apps present on an android's device in an efficient manner.","PeriodicalId":118388,"journal":{"name":"2018 Eleventh International Conference on Contemporary Computing (IC3)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Eleventh International Conference on Contemporary Computing (IC3)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC3.2018.8530614","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

As the number of android applications (apps) available in the market are increasing rapidly, various types of security attacks using the android apps are also increasing with the same pace. The ransomware attack is one of these kind of security attacks in which the attackers locks the user's phone, encrypts user's data or blocks the user's access to their own data and threatens the user to pay a ransom to gain the access back. This cyber-threat is terrorizing the world from many years as it performs mimicry attacks i. e. combination of encryption & locking attacks. Android devices are more prone to these ransomware attacks compared to Windows and IOS devices. RansomwareElite is an android application which detects the presence of ransomware in the apps installed on an android device by checking the presence of any threatening text in app code or by verifying the permissions requested by the app from the user. In this paper, we focused on improving the performance of RansomwareElite app by extending its features. Now, the RansomwareElite app also searches the presence of any threatening image or file containing threatening text by analyzing the Android Package Kit(APK) file of android app. Moreover, it also detects some specific methods and classes in the code of the APK which could be used for locking the device and checks some specific permissions requested, for uninstalled apps now. Further, it maintains a database on the online server for the records of all the suspicious and ransomware apps detected by RansomwareElite. We have tested RansomwareElite with 9 Test Apps which are manually created based on the features of ransomware family and on 48 android devices. After analyzing the test results, we have found that the performance of RansomwareElite is improved after incorporating the new features and RansomwareElite app detects the presence of ransomware in installed as well as uninstalled apps present on an android's device in an efficient manner.

查看原文本刊更多论文

增强RansomwareElite应用程序检测勒索软件在Android应用程序

随着市场上可用的android应用程序(app)数量的快速增长，使用android应用程序的各种安全攻击也在以同样的速度增长。勒索软件攻击是一种安全攻击，攻击者锁定用户的手机，加密用户的数据或阻止用户访问自己的数据，并威胁用户支付赎金以重新获得访问权限。这种网络威胁多年来一直在恐吓世界，因为它执行模仿攻击，即加密和锁定攻击的组合。与Windows和IOS设备相比，Android设备更容易受到这些勒索软件的攻击。RansomwareElite是一款android应用程序，通过检查应用程序代码中是否存在任何威胁文本或验证用户请求的应用程序权限，检测安装在android设备上的应用程序中是否存在勒索软件。在本文中，我们专注于通过扩展其功能来提高RansomwareElite应用程序的性能。现在，RansomwareElite应用程序还通过分析Android应用程序的Android Package Kit(APK)文件来搜索是否存在任何具有威胁性的图像或包含威胁性文本的文件。此外，它还检测到APK代码中可以用于锁定设备的一些特定方法和类，并检查一些特定的权限请求，对于现在已卸载的应用程序。此外，它在在线服务器上维护一个数据库，用于记录RansomwareElite检测到的所有可疑和勒索软件应用程序。我们已经测试了RansomwareElite与9个测试应用程序，这些应用程序是基于勒索软件家族和48个android设备的功能手动创建的。在分析测试结果后，我们发现在加入新功能后，RansomwareElite的性能得到了提高，RansomwareElite应用程序可以有效地检测android设备上已安装和已卸载应用程序中是否存在勒索软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 Eleventh International Conference on Contemporary Computing (IC3)

自引率

0.00%

发文量