An Intelligent Behavior-Based Ransomware Detection System For Android Platform

Abdulrahman Alzahrani, Hani Alshahrani, A. Alshehri, Huirong Fu
{"title":"An Intelligent Behavior-Based Ransomware Detection System For Android Platform","authors":"Abdulrahman Alzahrani, Hani Alshahrani, A. Alshehri, Huirong Fu","doi":"10.1109/TPS-ISA48467.2019.00013","DOIUrl":null,"url":null,"abstract":"Malware variants exhibit polymorphic attacks due to the tremendous growth of the present technologies. For instance, ransomware, an astonishingly growing set of monetary-gain threats in the recent years, is peculiarized as one of the most treacherous cyberthreats against innocent individuals and businesses by locking their devices and/or encrypting their files. Many proposed attempts have been introduced by cybersecurity researchers aiming at mitigating the epidemic of the ransomware attacks. However, this type of malware is kept refined by utilizing new evasion techniques, such as sophisticated codes, dynamic payloads, and anti-emulation techniques, in order to survive against detection systems. This paper introduces RanDetector, a new automated and lightweight system for detecting ransomware applications in Android platform based on their behavior. In particular, this detection system investigates the appearance of some information that is related to ransomware operations in an inspected application before integrating some supervised machine learning models to classify the application. RanDetector is evaluated and tested on a dataset of more 450 applications, including benign and ransomware. Hence, RanDetector has successfully achieved more that 97.62% detection rate with nearly zero false positive.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPS-ISA48467.2019.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13

Abstract

Malware variants exhibit polymorphic attacks due to the tremendous growth of the present technologies. For instance, ransomware, an astonishingly growing set of monetary-gain threats in the recent years, is peculiarized as one of the most treacherous cyberthreats against innocent individuals and businesses by locking their devices and/or encrypting their files. Many proposed attempts have been introduced by cybersecurity researchers aiming at mitigating the epidemic of the ransomware attacks. However, this type of malware is kept refined by utilizing new evasion techniques, such as sophisticated codes, dynamic payloads, and anti-emulation techniques, in order to survive against detection systems. This paper introduces RanDetector, a new automated and lightweight system for detecting ransomware applications in Android platform based on their behavior. In particular, this detection system investigates the appearance of some information that is related to ransomware operations in an inspected application before integrating some supervised machine learning models to classify the application. RanDetector is evaluated and tested on a dataset of more 450 applications, including benign and ransomware. Hence, RanDetector has successfully achieved more that 97.62% detection rate with nearly zero false positive.
基于智能行为的Android平台勒索软件检测系统
由于当前技术的巨大增长,恶意软件变体表现出多态攻击。例如,勒索软件(ransomware)是近年来以获取金钱为目的的一种惊人增长的威胁,它被认为是针对无辜个人和企业的最危险的网络威胁之一,通过锁定他们的设备和/或加密他们的文件。网络安全研究人员提出了许多建议,旨在减轻勒索软件攻击的流行。然而,这种类型的恶意软件通过利用新的规避技术(如复杂的代码、动态有效载荷和反仿真技术)来保持改进,以便在检测系统中生存下来。本文介绍了一种基于Android平台上的勒索软件行为检测系统RanDetector。特别是,该检测系统在集成一些有监督的机器学习模型对应用程序进行分类之前,在被检查的应用程序中调查与勒索软件操作相关的一些信息的外观。RanDetector在超过450个应用程序的数据集上进行了评估和测试,包括良性和勒索软件。因此,RanDetector成功实现了97.62%以上的检测率,几乎为零误报。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信