Android ransomware detection using reduced opcode sequence and image similarity
Authors: A. Karimi, M. Moattar
Published in: 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE), 2017-10-01
DOI: 10.1109/ICCKE.2017.8167881 (https://doi.org/10.1109/ICCKE.2017.8167881)
Citation count: 21 (source: Semantic Scholar)
Ransomware is no longer limited to personal computers. The growing number of people using cell phones and the availability of mobile application markets, along with the lack of an effective way to identify ransomware, have accelerated its growth and expansion in the field of mobile phones and IoT. This article presents an optimal approach that transforms the sequence of executable instructions into a grayscale image and then applies LDA in two phases. LDA is a statistical method used for separating two or more classes along with dimension reduction. In the first phase, because the image is large and contains information that reduces the accuracy rate, its best features are exploited using LDA. In the next phase, LDA is fit to the training data and the test samples are fed to it for prediction. Experimental results on two well-known ransomware families and an unknown group of ransomware show that the suggested method is capable of identifying them with 97 percent accuracy.