Leveraging application permissions and network traffic attributes for Android ransomware detection
Sekione Reward Jeremiah, Haotian Chen, Stefanos Gritzalis, Jong Hyuk Park
Journal of Network and Computer Applications, volume 230, Article 103950. Publication date: 2024-06-26. Journal Article. Impact factor: 7.7. JCR: Q1 (Computer Science, Hardware & Architecture).
DOI: 10.1016/j.jnca.2024.103950
https://www.sciencedirect.com/science/article/pii/S1084804524001279
Citation count: 0
Abstract
The increase in ransomware threats targeting Android devices necessitates the development of advanced techniques to strengthen the effectiveness of detection and prevention methods. Existing studies use Machine Learning (ML) techniques to detect and classify ransomware attacks; however, the ransomware landscape's rapid evolution hinders the effectiveness of these approaches. Moreover, the potential of Deep Reinforcement Learning (DRL) for this purpose remains unexplored. This study investigates the application of various DRL models for Android ransomware detection, leveraging permissions and network traffic attributes-labeled datasets. The paper provides a detailed explanation of implementing supervised learning within a DRL context. Secondly, the challenge of devising a reward function in Android ransomware detection is addressed, given the lack of an automated method for Android ransomware identification. The conventional DRL framework, which relies on the agent's interaction with a real-time environment, is conceptually modified in a new approach. We exhaustively tested the efficiency and accuracy of DRL-based models against other ML techniques, and results show that the A2C model has a better comparable detection performance than other DRL and ML models. Moreover, when DRL models are implemented with minor parameter modifications, they expedite and improve Android ransomware detection's speed, efficiency, and accuracy relative to existing ML strategies.
About the journal:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.