Understanding the Behaviour of Android Ransomware Attacks with Real Smartphones Dataset

Abstract

Android Security has become a frequently targeted area by cyber attackers and is widely exploited for several benefits by unauthorized users. The open-source model and affordable access to Android platforms enable smartphone users with multiple free applications and on the other hand, the same platform can be misused by attackers to achieve their goals. Android Ransomware attack is one of the majorly used attacks in the android malware domain and can affect android users with huge information and financial losses. Smartphone users store their personal to professional all kind of information in their smartphones and data breaches from the same source can put them in harmful circumstances. This research article focuses on android ransomware network architecture for detailed analysis and forming a further roadmap for the detection of such attacks. With technological capabilities, the detection of ransomware attacks at an early stage can secure from at least some levels of losses. Threat intelligence can be created using artificial intelligence-based methods for android malware attacks, but that requires clear identification of attributes and features that are involved in a particular cyberattack. In this experimental study, we have worked on CIC-AndMal2017 dataset that is being created by generating android malware attacks on real smartphones. We targeted the android ransomware attacks from this dataset and performed detailed exploratory data analysis to conclude the behaviour of different android ransomware attacks. The results drawn from this experimental study help the researcher to build artificial intelligence-based ransomware detection methodologies for the android platform.