Behavioral based detection of android ransomware using machine learning techniques

IF 1.6 Q2 ENGINEERING, MULTIDISCIPLINARY
G. Kirubavathi, W. Regis Anne
Journal: International Journal of System Assurance Engineering and Management
Publication date: 2024-07-24
Publication type: Journal Article
DOI: 10.1007/s13198-024-02439-z (https://doi.org/10.1007/s13198-024-02439-z)
Citation count: 0

Abstract

After the pandemic, the whole world is going digital, driven by the increased usage of handheld devices such as smartphones and by the evolution of the internet. All transactions are moving online. Security at end devices is an important issue for everyone. We believe that data in transit is more secure, but in reality this is not true. The data are in the hands of bad actors for malicious activities. Android ransomware is one of the most widely distributed attacks throughout the world. It is a type of virus that prevents users from accessing the operating system and encrypts the essential data saved on their device. This work focuses on thorough assessment and detection of Android ransomware applications using machine learning methods. After a thorough analysis of existing mechanisms of Android ransomware detection, we found that the combination of static behaviour with machine learning techniques can detect Android ransomware with good accuracy. We have analysed 3572 samples of ransomware applications and 3628 samples of benign applications of various families. For classification, the decision tree, random forest, extra tree classifier, and light gradient boosting machine methods are selected from the pool of classifiers. The dataset was obtained from Kaggle, which is an open source dataset repository. The suggested model achieves a detection accuracy of 98.05%. Based on its best performance, we believe our suggested approach will be useful in ransomware and forensic investigation.

Source journal
CiteScore: 4.30
Self-citation rate: 10.00%
Articles published: 252
Journal introduction: This Journal is established with a view to cater to increased awareness for high quality research in the seamless integration of heterogeneous technologies to formulate bankable solutions to the emergent complex engineering problems. Assurance engineering could be thought of as relating to the provision of higher confidence in the reliable and secure implementation of a system’s critical characteristic features through the espousal of a holistic approach by using a wide variety of cross disciplinary tools and techniques. Successful realization of sustainable and dependable products, systems and services involves an extensive adoption of Reliability, Quality, Safety and Risk related procedures for achieving high assurance levels of performance; also pivotal are the management issues related to risk and uncertainty that govern the practical constraints encountered in their deployment. It is our intention to provide a platform for the modeling and analysis of large engineering systems, among the other aforementioned allied goals of systems assurance engineering, leading to the enforcement of performance enhancement measures. Achieving a fine balance between theory and practice is the primary focus. The Journal only publishes high quality papers that have passed the rigorous peer review procedure of an archival scientific Journal. The aim is an increasing number of submissions, wide circulation and a high impact factor.